General
-
Target
ddd5136281f14912a5f250faa8da547aded88d5720e1d69f8149eb9708132312
-
Size
628KB
-
Sample
220521-bldmhscaf6
-
MD5
89a7d5fd21cf852453a606dface156f0
-
SHA1
ce8596c54088b2138a454c20e5f43007b224d18a
-
SHA256
ddd5136281f14912a5f250faa8da547aded88d5720e1d69f8149eb9708132312
-
SHA512
c168896aaab9dc53fd28f914210738307b9e64b944e0d3370ff6207548c3623ddb759c832a629630e4ba700e5ac5891e2f4bc4feea90979b4c37981bd3d713a7
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sa-ici.com - Port:
587 - Username:
[email protected] - Password:
b0YwnTJB!Nfe
Targets
-
-
Target
Scan0287393 pdf.exe
-
Size
673KB
-
MD5
a67709233bc437e92837efa08066e9ec
-
SHA1
6beb2027e47988f83dbdf87a2650860991935cfa
-
SHA256
39cd1a914f603bf76cfcf07aa65a0395901b42124c9da3ce3ef61b5b71982dc1
-
SHA512
682038b14e6e94cbebc81e398c979f5e3eec644588c574e25d23bfd24a0e1ec6b6abb19abe5cf86d9adf77881c2fe91e5cd3dc4b30f83cb3805a1b7fc0690a09
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Modifies WinLogon for persistence
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-