General
-
Target
d766688082ec1664718094ea8688a36cbb4339c8e0bbb8bb683bfae6602cf4f9
-
Size
461KB
-
Sample
220521-mx6m8afgeq
-
MD5
9cabf5f777a907f26e63764e6937c9dc
-
SHA1
d1a3f6e058d8673cf4af3cf6727a125af3c19d34
-
SHA256
d766688082ec1664718094ea8688a36cbb4339c8e0bbb8bb683bfae6602cf4f9
-
SHA512
8a939529e621d1a429973c2bab20a6ce1404a90dd7f320095e0f3e9dfe6c429588dec64e5eada1e35e0c9c384c15e2b8fdc8cee1c04d1c4607aca26676a767cd
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ikrrispharmanetwork.com - Port:
587 - Username:
[email protected] - Password:
Q5Ab{kp_p0?a
Targets
-
-
Target
Swift Copy.exe
-
Size
765KB
-
MD5
6b1ed2f5d2b314b8d8af86266b8055ca
-
SHA1
53c43c59bcc7456ea9857ee4a245b2341f5e4404
-
SHA256
20d66ddece0fa3ebb5a0573a7290ce696468ab27b55b99c37889ba6b4dab89ab
-
SHA512
c859de74b7d132ed28c2782aac67133ffdbef51f9df4a87064f41ea6f3cca40b455329b3f785b15ff145063df2af1614e61cdc093bad0cc9dec8005b5cd7edf5
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-