General
-
Target
20f2ef9ebc78d5ed58d747bcfac961410da3ee77c795913e981eb9bf9606f911
-
Size
404KB
-
Sample
220521-bxmpkacfc7
-
MD5
13ba5afb599c80cf031bdc4847fa4654
-
SHA1
6f5ecbf639e8c18e6e90dfcde06c3ec7a62b6fb7
-
SHA256
20f2ef9ebc78d5ed58d747bcfac961410da3ee77c795913e981eb9bf9606f911
-
SHA512
9dc8c9fd9fbedab1bdd12b0699af55041cba79c7b49666d428f5f098840aec801660233a34b06fbb96c9237ba8d695f3cdca4235ab4de7396f4c02bd663096f9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chiamaka1991
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
chiamaka1991
Targets
-
-
Target
PO.r02.exe
-
Size
528KB
-
MD5
d9a65437d49bb6bd6ecd415c7214a93c
-
SHA1
0088823df476b6848d042bd0940886d4b99215cf
-
SHA256
5edec04b0b27b91523f60696c9a834bca0f4c6648d8a67c0df78db288e74bd2d
-
SHA512
785e74bca397ab8162516cdfa7e36f5186abae3fce044234b8e1a70128aba74d95f6d070d8b88d2e3b75194d8b528c0d01ea66cd569983491adf14e6a4f19820
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-