General
-
Target
9aa36116b90b2de7dc8fc7908743729f0e932edd859f9d0462f10fe636075a19
-
Size
565KB
-
Sample
220521-mynh2acfg4
-
MD5
598d957cbb8c00539104aceeedcc8851
-
SHA1
71d54910614cb909e071ef4c54721a2b36aa97a9
-
SHA256
9aa36116b90b2de7dc8fc7908743729f0e932edd859f9d0462f10fe636075a19
-
SHA512
a8541ea560cfc69ce1b1dcfc1292528314cd7967645b9aa349676f77dda6cde314a718bb90dc5a796fbd6e74a8a751f9b87bc61ccba8c98a11a1903fa40aa059
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.petekyazilim.com - Port:
587 - Username:
[email protected] - Password:
petek19721972
Targets
-
-
Target
090900IMG.exe
-
Size
960KB
-
MD5
8b2cb661eb834522ace01c32dd499d67
-
SHA1
42ef864a4421177fc2f3953fba8aed7d4e240896
-
SHA256
8d599235c96bdb90cab54d06e9fd6265cb64ba755f3b0568de7cac39e6984f6a
-
SHA512
420921bf2c9c43f5c5062991f06ffb9e654da734f878795b43c9ca0a61a6c568b58253a269c10322865878a45bb29a3bea16d60e4a5918f310b368cc2f7d4e3a
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-