General
-
Target
0807ff4b5bb793313158b0f761e6f2b5eef3afdb83b30d9100e42cbc71b2bd9a
-
Size
496KB
-
Sample
220521-bywc4afgdq
-
MD5
c7f963b4ef1c5f323fc38bbe21efc26c
-
SHA1
140a8fb3330f5dcfd38fe2c930d40325b1efc9b8
-
SHA256
0807ff4b5bb793313158b0f761e6f2b5eef3afdb83b30d9100e42cbc71b2bd9a
-
SHA512
7ee5a90e66c1c03f84e043c5eed0a8ada6133ef098ac128f9e1af9d09b252e2d7dfb93dd7e9027ecd72635a21c2e0e707f373ef42c9274b0c450ffdb20106db2
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
elevated101
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
elevated101
Targets
-
-
Target
SCAN003082020.exe
-
Size
597KB
-
MD5
2410acfe1a5929ccea9a57433673b7f2
-
SHA1
9854f320ff61f82f6bc072e992848f6fb05cd22e
-
SHA256
847082fe41577614b2b67a5ae938fbe824b1d142c81bb2b6036a4aeae8cccbb6
-
SHA512
d001da204bd379510945c95ceabb9b6c645671c463f5115784bc13cffbbd4ed398b9d5c38716c0f25bf062f7de995037a2825360b6f17571006f34a8dbc8d3de
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-