General
-
Target
9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d
-
Size
431KB
-
Sample
220521-n1zvhshfaj
-
MD5
ea7de6cfc8ba2ff9c0220c1906f131d8
-
SHA1
2250bcda2a259caaf6a42bd576bae257e490748c
-
SHA256
9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d
-
SHA512
9893e6015a2b8d133871a658aef650b36337b181e3ddcb30a220d1a06630a53b1c8f513eef0547ed41dff232a1fa1387058930d05ac3e3ca8d5077ac981d859b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.acroative.com - Port:
587 - Username:
[email protected] - Password:
onegod5050()
Extracted
Protocol: smtp- Host:
mail.acroative.com - Port:
587 - Username:
[email protected] - Password:
onegod5050()
Targets
-
-
Target
Shipping Documents_2998-0029-28833-92883.exe
-
Size
671KB
-
MD5
900b759ab7a29b28175f5a63c4437d05
-
SHA1
43806cee07901eae1b676a1f02f8d20e1eee7c2e
-
SHA256
76aeceb07ade4e0dca6cf046b682ae5909f578b725da30d10a46c6fb58cc3f33
-
SHA512
67b1ce5262bac1781618461c3dc3e9fb566b1ad11268c80a8d2261d776620086f0a0026f8de02f011e873748416e63a2f42485abd4bf58c513d0e9511bec5f7c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-