General
-
Target
fd688a7b5f8a3c087247b17374b7cec11eb373c79bea815e3213adc8279c99e6
-
Size
397KB
-
Sample
220521-blmv7afagn
-
MD5
05b8d52155d3d3301d4305cb32082bec
-
SHA1
175c035455eb80d9bed47c08a5c6621746887435
-
SHA256
fd688a7b5f8a3c087247b17374b7cec11eb373c79bea815e3213adc8279c99e6
-
SHA512
7e14036f1e29dcde62b78c480c09252906a6651ffd2e73c0834572cd8d5fabaab344d36069d1b970e3a94f4cd41f46a5ba879428bc5036684b4b0ae8b1e8aad3
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
[email protected] - Password:
Kalisvicjic1
Extracted
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
[email protected] - Password:
Kalisvicjic1
Targets
-
-
Target
Specification Details.exe
-
Size
525KB
-
MD5
8ffa85892e867185c50df18e5c7a24ca
-
SHA1
113203844a2fcf0e8029921b9f256883efa65498
-
SHA256
8a6e7f587f69fcb329022d9036a65c8515a2652f2457f29e4e26d00f81e08355
-
SHA512
a9c97d6914b3c74b2afa62b34da06141c4782ad6af77b9be1f542d6d9a774ad2c4736892510b684e546f9d219fe17550663f37295ba45c05514cfaeee3c405a3
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-