General
-
Target
cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd
-
Size
390KB
-
Sample
220521-bz81kscge4
-
MD5
62e0c48ee2193489045cf2f4e2fcdb7a
-
SHA1
58f2d6db596f680b5ced922fd2d16eb587841682
-
SHA256
cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd
-
SHA512
dc6f001cd20b050dee77d9350ffedb44bec1ef9c64ff21cc7d376571a8df9761807a468e23cf8e6820c0a5fa7e358b7f275a26ec38058ed1b3738d651293c970
Malware Config
Extracted
Protocol: smtp- Host:
mail.spamora.net - Port:
587 - Username:
[email protected] - Password:
dada123456
Targets
-
-
Target
PO#90126734.exe
-
Size
534KB
-
MD5
9eeaeaf87c06004b295ca1b8f395f00b
-
SHA1
62812b66b9fc9b7e7febe01c7b7280628ff18846
-
SHA256
d15622eadc7b798a496f5f524543a69c63da3f7f56e3bb01fcf83fa85e2ae549
-
SHA512
0dcae439c03b84406c1697540454d9eca9608f85ee2d1ed7b678a6974c7986fe0f1e236ba76a33e0b226c49a1f8421efc9f868c00875711cf7bb2a5f528362d5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-