General
-
Target
ad7afc77905a422704608863c539783bef28acc4cebb3b22bc061ff3ed59ff3d
-
Size
385KB
-
Sample
220521-ncwg7adea6
-
MD5
586a662f90888118aaeef7fe9c7312db
-
SHA1
da7402cfc1fd8530a73b2dd9012a362c6a93e1fc
-
SHA256
ad7afc77905a422704608863c539783bef28acc4cebb3b22bc061ff3ed59ff3d
-
SHA512
49ec5c64d8c48fe07985361e7547ab778ee562892b562d990159409c5a3edd3a6486d350bd70af825f510094741fd3bd90b8a2c36ad841eedf7be22f245a3235
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.solivera.com - Port:
587 - Username:
[email protected] - Password:
.7S+{Gv&\{
Targets
-
-
Target
order 5500065035170620.exe
-
Size
426KB
-
MD5
81f65f990a84c6f185606ff67470c306
-
SHA1
e256b306db229b5f4302b470b59accdf94a5c824
-
SHA256
5cf1f9fd8a8000ae58fa7607a3201c6abfbc9a352d90e589ef1d93317336c881
-
SHA512
5c54323b514bb3fe1d2eb7e9da9ba4c1f882e9e4afdba56d4347a5c212576dff63258060a8313536950fea4d9746df652d226c148f41ba0e55bc3babe74eb1ca
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-