General
-
Target
9c334a95c8f43a44f4d9dd1791e2443b2e026df0e66cc3163ded772691ecf319
-
Size
253KB
-
Sample
220521-cxlypshfhp
-
MD5
eeb996f1a1dd2a6a411ca5831bdfb31d
-
SHA1
8af42e6fe1bac8e607d46f637055b02fa2093b3f
-
SHA256
9c334a95c8f43a44f4d9dd1791e2443b2e026df0e66cc3163ded772691ecf319
-
SHA512
c9d105d5029f1b3e5c17f8642fac871674e68539ecf2f25188d87c8410968707b2d3b890df428d2429a505a3800648aa632fafa3084a373f12d5c5441950808e
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.adithyaeng.com - Port:
587 - Username:
[email protected] - Password:
thiyagarajan*123
Targets
-
-
Target
Quotation.exe
-
Size
349KB
-
MD5
e4c1a88c35f7fd8b5565b3745b831b2a
-
SHA1
382794bb0b470804f97eb4bb15a89af54dd9b015
-
SHA256
467d49c33ce4c91f53f7120a44819d51847b9220c62027415936c1fffa631bd2
-
SHA512
afaa8e21d4268dcb20c72879727714ffb571a31576447c7a946a7d15da48f7a23af25bd4fa4f099f24314837cde3f41fd9e6200df9dc9bdb6c212f78dd22105a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-