General
-
Target
04529edac78468eea95c995c044afdc1d16b6cd2b8308be8fbda444cd943c2cc
-
Size
414KB
-
Sample
220521-by19cafgen
-
MD5
86ee2c12d404fd08c3fbceb55ac8612b
-
SHA1
870db2adb891800e9fdef2171e66d32fa61c79b3
-
SHA256
04529edac78468eea95c995c044afdc1d16b6cd2b8308be8fbda444cd943c2cc
-
SHA512
98215f76936017a467d97fbc18c0b59d7d3a4d233f96421dd828ccb98ea52086f97c94526864d80aa5d23d5c349c04fa2cf949ec66ec3fbf2403ca9fef7956e6
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
secure197.inmotionhosting.com - Port:
587 - Username:
[email protected] - Password:
GL@123456
Targets
-
-
Target
MV SPAR DRACO LOADING STEEL.xlsx.exe
-
Size
568KB
-
MD5
47821979d2951dc788a811d1235ba7b1
-
SHA1
ad102eed6c0d158bb9b5112b5a96f9c25d8f5968
-
SHA256
b94b255e05a2792ad302c0c398099cbc6f6eb67212dd2c5fcafbe80a13f9b946
-
SHA512
44d7587417d51a20e30682434d67c9ff7cbb3297a346cf008b1b50b548d8c872f0ce88a1375882fbc8c369e2193d157783a00550d83fcf17cc0bc67c9bb70caa
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-