General
-
Target
6338cb73a1210d16efa560f54950824aa748cd5f71a119334ec3f321301f835b
-
Size
453KB
-
Sample
220521-my3mysfhaj
-
MD5
017a7ab36fc79a9f27466366e495cf55
-
SHA1
4590aaef5184f7ae05291515b42a314898aa1ccd
-
SHA256
6338cb73a1210d16efa560f54950824aa748cd5f71a119334ec3f321301f835b
-
SHA512
8027077362b56b45626d501daaa3ab5eb6f2b2a76c4de211fa42bc43369aa8fca35f63b1d60c7313a9b06b6ffc197ebf3289da3794915bf0185b58a378f7853b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ikrrispharmanetwork.com - Port:
587 - Username:
[email protected] - Password:
Q5Ab{kp_p0?a
Targets
-
-
Target
Inquiry 500674 {ANSYS ENGINEERING PVT.LTD}.exe
-
Size
732KB
-
MD5
f988fdb69000424a89e909098c92e224
-
SHA1
8d229a101ae821c01d5af3addb4063c98a39e279
-
SHA256
d7834fcfcc6566637c03e6d09dfa4f8bd51ed085b6a7fc75b33d458947d2c997
-
SHA512
212ff772be795700af034cf181c9e36330fe69addd14f097e6f44ddbd1e372e505a4cb7c4548c7162b3ac4a3ba061e9bdaa4b51b0d64211adff99147da1e4eec
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-