General
-
Target
440f385dbdc69f26bfe6854608491fa20f5473c4de5d9757dee3f1984d742edd
-
Size
519KB
-
Sample
220521-n3bwgahfen
-
MD5
dfa3d734754dd828ad4ea61be2050f2a
-
SHA1
e138f5bb9be6fc103723de90920f09aca5529cbd
-
SHA256
440f385dbdc69f26bfe6854608491fa20f5473c4de5d9757dee3f1984d742edd
-
SHA512
2fee4ccdbc190421dd2ff5416dc27b85e09445d3a27ef7d0a133e1a5c6cfbd6ca8fa5a3996a5f5fb9f1959c0be7fd28cd5323f4b42d91cf7b7100640b8594be9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.c67976.sgvps.net - Port:
587 - Username:
[email protected] - Password:
somc2424@
Extracted
Protocol: smtp- Host:
mail.c67976.sgvps.net - Port:
587 - Username:
[email protected] - Password:
somc2424@
Targets
-
-
Target
PAYMENT SWIFT.exe
-
Size
867KB
-
MD5
0e36f6b9007375a096a2a612fb6a5047
-
SHA1
d17026d90e8997baf4816d4d971dc7c4a4f73437
-
SHA256
a72cd506b5fc75c21d24703009cc3e58dbd7bb037bf8afaa9f1585ebc79ed235
-
SHA512
3e6aa43e1c3549af1b825f4dcf789e45edd5936ee02c178d0b16d00cb9806a41c5302a053765f7900e33e12666765aac60499c727ac703bb56b586992586a64f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-