General
-
Target
3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf
-
Size
225KB
-
Sample
220521-n9c24saaer
-
MD5
7c6173e0d05074baaac91acbbe1f5e5a
-
SHA1
4595972a500852eb05a70c6a49235f9e3e1df2e7
-
SHA256
3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf
-
SHA512
acff8523840ab5c99fc4ad38698cfe4ac58519eee1379848af1529b43dbdbd93da82e669f9b9bb820af311e9664191f27b303ea9b2f6506aef65be6533ed021f
Malware Config
Extracted
Protocol: smtp- Host:
mail.spamora.net - Port:
587 - Username:
dada@rnedisilk.org - Password:
dada123456
Targets
-
-
Target
PO374784_2020-05-14_02-36.exe
-
Size
251KB
-
MD5
542bc8a3df6efaaf3195afab17d060a7
-
SHA1
bca30ecd4f3bdcf275bc5e70ae1720c82e382bba
-
SHA256
ea8e9239046f61435debbb3f3905634158e2fedeed56e63e4311d96f1c419c84
-
SHA512
701eaef8040d4b74747f41f721220e927a9abd4752e8934143ada82c62b61620b7417315568087255b54e65a2b05c01a044b92846f1c5b0bc419e87574af4896
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-