General
-
Target
6f5c8354926f49d2d86ec199c74ba98b8125b08c4e1ce73d4b71bcb0c160fdb6
-
Size
390KB
-
Sample
220521-c96hwafcd4
-
MD5
fe4b72c2d49ad64bffad2100272fb9b1
-
SHA1
daab08834a53da8369302f4a830a988cc04edf86
-
SHA256
6f5c8354926f49d2d86ec199c74ba98b8125b08c4e1ce73d4b71bcb0c160fdb6
-
SHA512
de893f548406b80830eaafe440b526568d3d4869a7f68970ddf7d64453c199dc0bb43d49df6cf03bdc814db1ed4055b0618b59080cb8ad374865542f3cc38b60
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.elittacop.com - Port:
587 - Username:
[email protected] - Password:
@eaSYuc8
Targets
-
-
Target
Account information.exe
-
Size
513KB
-
MD5
d4f31ef1f0ee95b0974223a61c7b38d0
-
SHA1
5fbd210c289efeddbf11e79ddf0707f42aadd6a3
-
SHA256
17a6854b9d7de26d3c70352b1a5fe59aeb25abd75c57902950278569bac64f78
-
SHA512
a4ee1525b95f8e5bcca9ed7389f28e7f037bc853b3d38f637ef5c826c10e0931a91c5abfbb63a326714e69b78a817643fc99246192774ab73f7d5731111ec50c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-