General
-
Target
541fe43aa60fc2cbc513b763a1d703d2429e08d41c30537473ad10fb6a370d40
-
Size
423KB
-
Sample
220521-n22eqseec5
-
MD5
1de2bc94200526befbb4d2c25ddae1f6
-
SHA1
58a4db73cd77db50dbba04e3daf44539d57c87b6
-
SHA256
541fe43aa60fc2cbc513b763a1d703d2429e08d41c30537473ad10fb6a370d40
-
SHA512
2e04eb1f56cbf7254e091992e4f8cc8ce53935ce83091d7a1685b23dcd181fb07d51430fd54f72d1707c2cec53618d801ae0ab0dd0c213c700b295eb2dcfb2a8
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
SHarps@11
Extracted
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
SHarps@11
Targets
-
-
Target
Swift docs.exe
-
Size
755KB
-
MD5
8d78fbd8ade0cc499b82c58538aab5ed
-
SHA1
f5e3186bbb80c65ecc1d4b2c1f0de075463bb13a
-
SHA256
eceaeb5dd1fdf321efcf6c4e33706e025408deaa74ece9fb0e4e145901513cf2
-
SHA512
ae3b08857c255b0236f21511fbabda86e55561cec4bc60b7b1d9cdc285be88bb4c656498843fce1865b4b7550bc986cee6af0b503967544d59818d348eea4db1
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-