General
-
Target
6ebf1119365631d8d7227e7eb14f89d7c262d6596920458e81859dcbba614f78
-
Size
463KB
-
Sample
220521-n6fc3ahhap
-
MD5
1900d3e96a562b8506fd1494ce28154e
-
SHA1
1537b890e0e1cb909828c5e6a4d2a7e968c97e7c
-
SHA256
6ebf1119365631d8d7227e7eb14f89d7c262d6596920458e81859dcbba614f78
-
SHA512
6eaad3c6f7f634d1845ca4fc17004a7ff4d0fc65516253930685935d84bb726b24c8c08ac03c833dd685d28f166d320af8d88a0a99783079372d09b7bb3538b5
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
mmm777
Extracted
Protocol: smtp- Host:
mail.privateemail.com - Port:
587 - Username:
[email protected] - Password:
mmm777
Targets
-
-
Target
Quotation655511048786549.exe
-
Size
518KB
-
MD5
44be427375bed4fdba08762b9bfda5ae
-
SHA1
13a76b35ece8e54670d8edb3283763a1ba044563
-
SHA256
be174f7a8567521e8c3d1a7444ca65a5a6685fcae81135bd2c6af90f6aa2a8fa
-
SHA512
291ff0fef772f7714f284e5b0c2354358050a2e2891e9c50713842f8f4cabc1b860aa2f06234821c6cc27dbef0b91cbf8732a2b976062aa1ed8e2f38b3e7f082
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-