General
-
Target
0b9853eaf5a70187d31d29b43529c6fad87baa416077b9b0282dd652030afdca
-
Size
383KB
-
Sample
220521-bymqyscfg5
-
MD5
3574da910931d83e2131483684e51cf7
-
SHA1
8e228755a22d3a3eea6b1d074d38685393e8e976
-
SHA256
0b9853eaf5a70187d31d29b43529c6fad87baa416077b9b0282dd652030afdca
-
SHA512
a8839cb6e7396ccb59d16d4ee124d89ac6238d06812bb1e06adce5461d53d5e00562fbf56da461f82d7c4be33df6b8624df10a9cccae5348573ad8134091ea0f
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
sguoijimpgucxufa
Targets
-
-
Target
QUOTATION REQUEST.exe
-
Size
424KB
-
MD5
3a4e3b96e1f4aa109749e5035e217f89
-
SHA1
1636287594a0f1fd960b2509a9b02fb769d79d79
-
SHA256
14dc3be5ce8ed2b8c0f9ec3a4e630c2dc9e613de58d8220e0b8d28fa51c6752e
-
SHA512
6525290542849bc7d2e00e3b458be8f477edb176ef916c4f4d0b42d3146283d71737ef9e301e2e73950da292b0a58a25961ddda7e3fcc9303abb38a7bcfd53d6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-