General
-
Target
87811912da6c8d454dd3a2712a8726afda56f30f0cea0b56b9a12961c35728e2
-
Size
601KB
-
Sample
220521-n4zc6ahgdj
-
MD5
67cb3b5b171ab3ee60bd051c9dc3e940
-
SHA1
e0f75b28802b8ad7555ee1fbb311c51f8596797a
-
SHA256
87811912da6c8d454dd3a2712a8726afda56f30f0cea0b56b9a12961c35728e2
-
SHA512
2cba31f16a1d18c64c6cd9272462e805546e62fef994bc2b0dd3f9deb7cf0f9609612563e81866ebd062a540afdbe083290418dc496da37ab976e196fc5eef8b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
mmm777
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
mmm777
Targets
-
-
Target
Please confirm your shipment address.exe
-
Size
1.1MB
-
MD5
fd67f2468786ab7a02d00e3abe4ed5ac
-
SHA1
6f2119bdfea341acce131f9dab6479b68fb622cd
-
SHA256
1bd7fcf59176999d49faee562f699d840b4c1dd697055fa66e6a52c0846a9b42
-
SHA512
714653f371643e86a4ab80e8183167409bc8e65b5386e87ca3fc3e6b6a96a822d27aca58dc2e4231ebf87ea75bd48eeadc0e4357fbdd31279ec6295a7275c7a4
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-