General
-
Target
3a8378e0728ac012e359ec46f173f42607e4527889a03c44cf0d98077a2b93f3
-
Size
437KB
-
Sample
220521-my9fhacga5
-
MD5
7a14cfe7a0a69bd7e0ae7c6fb04771fb
-
SHA1
751c877a036fb651232b758f31e37573e7263c6f
-
SHA256
3a8378e0728ac012e359ec46f173f42607e4527889a03c44cf0d98077a2b93f3
-
SHA512
4cef238874fec5b6cca902d64e6d818a2a0f5503aed5b4b6160ca332978b2791f0b0a686da580b971ed5a7f3209d0083eb7dd9dc953e84193f40ba92a83e00a6
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.acroative.com - Port:
587 - Username:
[email protected] - Password:
onegod5050()
Extracted
Protocol: smtp- Host:
mail.acroative.com - Port:
587 - Username:
[email protected] - Password:
onegod5050()
Targets
-
-
Target
2020 Shipment details.exe
-
Size
636KB
-
MD5
cfe84f4681713fdc9aada7c5b6331dd0
-
SHA1
cc5820940c73f1ee6c7f95c48a80f13f7cd84dbe
-
SHA256
4ec6d85f82f9d0874d740c3fa5b94c800e25b5dcd05b63135f6da92a8644d70e
-
SHA512
f922fd47b0d8e7d4f6c66585a2c5b557c051200c6ec47ea6a829ed2ba453ffa68b335d24ee08369d5da69fa33f0f6acdc653602d07c135b475c4e3bfd05a132b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-