General
-
Target
f1603b5c4886015d2814038adba0f7f58c03f9226e2ba938f916d4dedcc10f8f
-
Size
485KB
-
Sample
220521-bjrrcsehhq
-
MD5
e11f45b93f0fd58cbd485bbb5460c81b
-
SHA1
a5bdbb978100bf7b31bd47e6aa8dad3a957326dc
-
SHA256
f1603b5c4886015d2814038adba0f7f58c03f9226e2ba938f916d4dedcc10f8f
-
SHA512
a63003cd6348ce286de1184dd4bb018955080102ec1e1461bbb9369c7a650f788d36222471cd3d4b3fa7dde51e3306dd6ee09c523632b96109e2d49f2e09ba0a
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
ezesundayngma
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
ezesundayngma
Targets
-
-
Target
INV.exe
-
Size
853KB
-
MD5
38670fbeb0f4e40e3f76149027ebe5fa
-
SHA1
80d1f1a7b469676b66b0c98bcaec5410470b0e99
-
SHA256
c8613cbe02f1e23ab87fcce103efa89cc8da78705c42ca373fa45f3d213b9f5a
-
SHA512
c6f30a191e6a2fe83e7ded892cbecb8d4ed1d4c778b8e3d5f083a311aad4c40f951016c8576e4454e8a7f52fd70e75a0b43629e034c9334508740cee6fd889bc
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops startup file
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-