General
-
Target
f2c8e12faa726152d4f592b0260ce25f5a95f85baee804fb30d0ea60c6b85a76
-
Size
1.2MB
-
Sample
220521-n8m6paaabl
-
MD5
2824fdd30fee03ef151482e7c3978745
-
SHA1
6cb3062c0d89ebf4408c1032754a6c46689d4092
-
SHA256
f2c8e12faa726152d4f592b0260ce25f5a95f85baee804fb30d0ea60c6b85a76
-
SHA512
22f60323993ad27180409132ec9e910257ab2be6bb2c545f7fd462513696f7635cfc5d444cee072a4b7439c54a8dce8fe77eabe70c70036e0a85690864251713
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.elkat.com.my - Port:
587 - Username:
sales@elkat.com.my - Password:
$9921%sales
Targets
-
-
Target
DUHK48M8.EXE
-
Size
648KB
-
MD5
50de5cd6643f77da1a814ba92008d0b1
-
SHA1
fc012c0a6ade8b54f04c8c538835e513e29d1ac7
-
SHA256
4aaab375560c277ea801b5ad962d43ba1752738f1f82a361db83a717b1c93e89
-
SHA512
eb32f2c46cbf857c617fdba098d1ea3fa3074f3f83530af6950329eacab6090947b95ae6d43b5beab43c059828522e8706c27724efa49e975aa1121e5141b353
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-