General
-
Target
b736ea72173953adc85df68fdcf182bfcf2c81f77cfa55325aa897ed651354c6
-
Size
491KB
-
Sample
220521-n9s4bsaagn
-
MD5
8d1ac2d908e8e4947668e91565deb93e
-
SHA1
4e3848696753c1df364a91511e697b7d60c7d4ba
-
SHA256
b736ea72173953adc85df68fdcf182bfcf2c81f77cfa55325aa897ed651354c6
-
SHA512
bf61d8c173b3cbc3d2803b0a29b27425b96d98788d747fb507f83aac4b84838f6c345fb5345f3977266f99c506f64498b5a68302a6d79045cba1440bc4c87081
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.samlogistics.pk - Port:
587 - Username:
imp@samlogistics.pk - Password:
Seaimport121@
Targets
-
-
Target
45lKbSGkksvdkuV.exe
-
Size
525KB
-
MD5
e2c8add2e31a24b1198ed672e1f256bf
-
SHA1
1a8c6074727e6a29b068e8ea322a24b3391715df
-
SHA256
4e25b6d4521cf58ad62d8c11c621c6f54d4ebb0ee8f50cebd904c882e6c9a66e
-
SHA512
ee3b372f060a6d01c20a40fd1249e395fde9df6f90acc573ce37093a9ccd17492e9a5ac6e14edc4d8c3e20c9dcf7a3201e6e67e45f7e369dbcb81a5d0f9ad44d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-