General
-
Target
765f75f9583e895fb800aefa190462861032e1b7b7f3320a2c6e40363211674c
-
Size
536KB
-
Sample
220521-n53f7shghq
-
MD5
6f18354235ac29e8d6c69d14624e1be1
-
SHA1
453904ac923705800d8f36cc907669ba3d008c49
-
SHA256
765f75f9583e895fb800aefa190462861032e1b7b7f3320a2c6e40363211674c
-
SHA512
0bf38c952e0e117ea79f8e7d06974b637f90ebe3d55e98f8f551ac2c16b0cab44786e09482855d58f9d2497cff47ddf3648cef478836ac24a93088f0b834da9e
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
bigboy5570@@@@
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
bigboy5570@@@@
Targets
-
-
Target
SKM_C3350191107102300.exe
-
Size
625KB
-
MD5
9d65b55f99601ea8e2c631433ccbf1de
-
SHA1
59e3eec27abd3d9d53c5d115bee0629e1f8106e8
-
SHA256
e57b3fac2ff014d32527f235abf0efc4ddf672cc3781b1d5964bd635ed21cdf6
-
SHA512
6474da050f5126c80fe16dc6b00db6c03e3efaa32a483bef869e744e98e135ffac190182c925e44f91afe3515f317b7e38e18b163bef41a64ac338ed4ea9f294
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-