General
-
Target
f2ad36f6273e6c885b045f486f0718f76bf7652c15c6c5722976433aa32fb706
-
Size
690KB
-
Sample
220521-bl2z4sfbak
-
MD5
210ba84019dbf5dc89f1bcdd739e2c75
-
SHA1
dbe7cdfd986fd2842b63491ef2ca39646d52ac37
-
SHA256
f2ad36f6273e6c885b045f486f0718f76bf7652c15c6c5722976433aa32fb706
-
SHA512
01ba038bd32a635495837f04d6eba4db97be0b9f64e6d80e620dd66aeba930794a8222ebbf867f43ef8fc52648e2339c0a3c8de1a14407ff7de1c8cffaa00570
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
legend1234$$
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
legend1234$$
Targets
-
-
Target
EQUIP MATERIALS.exe
-
Size
881KB
-
MD5
e837aefc96308f476f9c9fee984f0128
-
SHA1
4bae17624832e3c8928e4ae90a89c1868933620d
-
SHA256
f83df92f9d78101b5376837923351b70eb6581d4ee2b7bf251ef8a2387177064
-
SHA512
2c4178cd76546f54578bcf40c1f1ea0fed50b0fc7056d29df4005da8e88d14828f0120dccef2acf447cc7807d3ead898db87dd7b35f5c83a16d6e52a6a7ff51c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-