General
-
Target
bf2e76ae07225a8a4d33351d0f99589f69fcefa5f6ddd98aeeb5b2bd9fd82f6b
-
Size
556KB
-
Sample
220521-nd6pjsgfen
-
MD5
04958fa08d40e6d99ac6e346941ca5d0
-
SHA1
93ed2b983fb75d2d46ea56f96b7867133b1d8715
-
SHA256
bf2e76ae07225a8a4d33351d0f99589f69fcefa5f6ddd98aeeb5b2bd9fd82f6b
-
SHA512
b6f988d72d80b363512000e2b4a6980f315213c4b9e0fc844665658eff18e200f66c92d7dc731db11ae4e8f5511cf304d0a6451c4cfea302389c71288a0df7af
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
webmail.active.by - Port:
587 - Username:
[email protected] - Password:
QWErty654321
Extracted
Protocol: smtp- Host:
webmail.active.by - Port:
587 - Username:
[email protected] - Password:
QWErty654321
Targets
-
-
Target
Payment Transfer Slip.exe
-
Size
706KB
-
MD5
90bd06de49d3e571ea2c4edd225738c3
-
SHA1
0113e3a212bfeeb5f905279f5b131dc880a4ab76
-
SHA256
53af62936f7cb4fcbcb2775be40606aed87def8af75821520ebd857dc91370c1
-
SHA512
91b61e057d7ce58eb546c22d11a28fa835a5a1c8bd5fc601f190600d6d312ef1512d2c1041502346478af57fae127dd17d42dfa7fd6e18052ef229f0e019feda
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-