General
-
Target
a9a5f2149058a1a9ab89cd0140fd9b6f91fe4d8039498e98dddbcf367de29fdc
-
Size
417KB
-
Sample
220521-n21s7shfdm
-
MD5
0f848ab8906b0ac8d2831448ef9749e8
-
SHA1
dc926929924be9c1e8809d7cfc29d8f7dc1264b5
-
SHA256
a9a5f2149058a1a9ab89cd0140fd9b6f91fe4d8039498e98dddbcf367de29fdc
-
SHA512
7ce9dc42896a9ff4a69a5e68fb3c574ad1836acf254e564eec7ff9cbb29779508f86888df429681b75b2dae4633a30d5a7e25da3db13862ad2010b720c16be68
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
faith12AB
Targets
-
-
Target
Shipping Documents Waybill no 69793741500.pdf.exe
-
Size
470KB
-
MD5
4778aae302047edb758db94a7c44ba33
-
SHA1
93ba9f5632dd46ec68706a02f4c34b5fd49f82f5
-
SHA256
df517a9dbaa0829415080a30f0d2f4d0eb27082aa9f8706997c4f7b3008ebdd0
-
SHA512
8c0bbf7077b5e4b478fea961b42e7a8c49f48a456a7a8cead558089372a43733f3bd2fc8f927661c36d877dc3bfbaceb72d0b8bacde24f6fefd998a6cd6ac0e9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-