General
-
Target
687a25afbf52ff9cd2d1d5aadc937c4c77d9f77862cb0dcb37ed18bd2d1948d0
-
Size
461KB
-
Sample
220521-n2rkjahfcp
-
MD5
61567a3cd5fb33beadfbebd4a48f1f24
-
SHA1
41a2c14708aeb46fa5f22f2f9ecceea3748823f6
-
SHA256
687a25afbf52ff9cd2d1d5aadc937c4c77d9f77862cb0dcb37ed18bd2d1948d0
-
SHA512
d13d36eb75b85315df157b065eed62398e85259e9cadd2dfdd8dfbf8566a2dfb5199a9d7c488781ff87259cf827bed785cd50abbf14f1a5f114bd90e7caae493
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.flood-protection.org - Port:
587 - Username:
[email protected] - Password:
sepp2424@
Targets
-
-
Target
cyd.exe
-
Size
741KB
-
MD5
5c00edacde639c3bf71f99812e70b776
-
SHA1
0148eaef8a077b1d0a084854adf67e9209be4bc7
-
SHA256
01623a798b7efb749c3409651a85050b58327c7dbe59740f79dac9b78ae24c9b
-
SHA512
1eb216df5dcc4a946b38b4e95fca493f7ab3f048af32e0403ecddff82812f9d5230d851abcd8bfa826668c5ea3609f459095b73d070e2f2fcf5c75eaa7964953
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-