General
-
Target
57a86028ddeb27c9c8a20f83ac654c84dd15e1403721cd457f4af1c7590c86ff
-
Size
368KB
-
Sample
220521-n2yzlshfdk
-
MD5
41778a8618692a0b88cf4b07a47f5a5c
-
SHA1
aaf24f42b58e730e3caba94a6adf58950fe970b8
-
SHA256
57a86028ddeb27c9c8a20f83ac654c84dd15e1403721cd457f4af1c7590c86ff
-
SHA512
bdb058a05d367fae3aa4a243e224ac207207a1a60bcf3fb103170f9545f41e35c6fe9ee854236eb64fd3dc2f949eb90e4a6cf2fb352f6090fe759848b57a94f9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.umgservicios.com - Port:
587 - Username:
[email protected] - Password:
hOZ6c6%@I6bRL$0u
Targets
-
-
Target
11.exe
-
Size
644KB
-
MD5
4176633e6210384b6cc59d563f094fba
-
SHA1
f38ce8ae0c6c9b4762c547fc0e38c01617706da3
-
SHA256
e93ac650630bc4b2eab3909ddd47aaa87fec1fc013657039a5c2c1e15fc5d2a2
-
SHA512
e885fed8c46f9c83eb42ea2d34f48338c4fcbff0d97c8692d9bc3649f991e7c63be571b5d2361d8da7dcd471f44a00b43481940bc8ae837baf291cd5de25e521
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-