General
-
Target
6b0fe1f4cfb10e06abc3603956fcf0953de6e4ab63a034665d449b4f880366ef
-
Size
325KB
-
Sample
220521-n6qtsshhcm
-
MD5
3668fc5c56b2a376e8cefb0171ea15e2
-
SHA1
72b02f669454dffe97723340b19d020c1aaf19e9
-
SHA256
6b0fe1f4cfb10e06abc3603956fcf0953de6e4ab63a034665d449b4f880366ef
-
SHA512
e1d64b6280e25b795182b20586234c20861531500cf7f07ea916fec0908861b9997f6f7f7430b0524250d5999e51efffe1df53f329e4ab9bb10bdd99851f56e4
Malware Config
Targets
-
-
Target
Purchase Order - 8279018110.exe
-
Size
368KB
-
MD5
ce16e76c031c756a7580719e65e0ff63
-
SHA1
cde97cb49d940071dc5b5d0cb4af0e59ce2a830c
-
SHA256
09d051ae9f992668f4b86a538c3483174f491cd16b18ca1e6799eaf1506e4a87
-
SHA512
ddd5c2241e07b4d1610d13312e118d0b7558fbf38dc0b4a828f773b4de2ea85a36805940193fe28b3405bdfdc33546f949716471e81c1d737afffec93bd21b7d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-