General
-
Target
96a56acf9ba48abbec42499cc3e59297ccd79afb3e166d9c4ffd7c34875b7cb8
-
Size
601KB
-
Sample
220521-nbpy1sgedj
-
MD5
7412e7f8ec86f284b4e0a2fbdb05a9a5
-
SHA1
6471b41ad5b178559aa4af4bfe969ffc2f7aec8a
-
SHA256
96a56acf9ba48abbec42499cc3e59297ccd79afb3e166d9c4ffd7c34875b7cb8
-
SHA512
799b9c46574c8efb60d662f2cd260727f0c0f68cb742e78cffa3d6c10860e0cc5ba0321a7a29734e8c6f48b57992c0c790d3ebab05fd09fdc0f3d9a15b151a6c
Malware Config
Extracted
Protocol: smtp- Host:
mail.prinutrition.com - Port:
587 - Username:
forrest@prinutrition.com - Password:
forrest
Extracted
agenttesla
Protocol: smtp- Host:
mail.prinutrition.com - Port:
587 - Username:
forrest@prinutrition.com - Password:
forrest
Targets
-
-
Target
130003150.exe
-
Size
660KB
-
MD5
7a968158b9741fc52607f73b6f2a3d60
-
SHA1
08cb17546a07ebbee90681447061411efc492229
-
SHA256
c54cf445744aefec5a42006354295fd7b1adff5ba3c5d4906f7df4fa4a4076eb
-
SHA512
95892aa575bbf19f1b8da6b1d08c274cf93e6b8e2fdd318443427351a0fbac4af814192e13cac9e935a94e6e61c176019767c81b2f9aa12caea55485494c9b1c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-