General
-
Target
9ca36497072eba5668cc4392a957f557791343f5d82b0b986c6e032cd97d18f6
-
Size
494KB
-
Sample
220521-cxkqmsefc5
-
MD5
a6a065c86c9a14ef844ba63a49b67909
-
SHA1
b59050c28b153e835d1442c87da5779aef7a16ea
-
SHA256
9ca36497072eba5668cc4392a957f557791343f5d82b0b986c6e032cd97d18f6
-
SHA512
b5d338364741f3a7b5ed5ee0b3f7156dbae8a4614565b8f558f9999f5c312ead37381f918d0018846e619b5e4cc2b7dff00037c9c4a62b53d5827d0c8ba79936
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.svpcelectricals.com - Port:
587 - Username:
[email protected] - Password:
svPower@2020
Extracted
Protocol: smtp- Host:
smtp.svpcelectricals.com - Port:
587 - Username:
[email protected] - Password:
svPower@2020
Targets
-
-
Target
Purchase Order.exe
-
Size
546KB
-
MD5
9773ee81c3f9e99d2a49eadca3781fcd
-
SHA1
e2d4d319ff955aca80862eb81bdbd29b487020cc
-
SHA256
5bdb143b6d0d8d887824029cdf05abde0588afae43078ccc565f9eb4aaa3d6f2
-
SHA512
104cab226d60d5ad418b02f3d379e817919130d46d1cc8669e1a59afa468d90526ac57927517938e6649d311df73bebecb52e0aaeef23e805a7f11cbad12428a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-