General
-
Target
25b4d6c3794ca2f31a603314891a6c177e50696bd66357597312cb696b1e1661
-
Size
387KB
-
Sample
220521-ndlz5sgfcn
-
MD5
7c4ecd5d88a938f801bb254629128f0f
-
SHA1
e9ccde5223704088a2c926c029b896874a5442b7
-
SHA256
25b4d6c3794ca2f31a603314891a6c177e50696bd66357597312cb696b1e1661
-
SHA512
45768dfd283317cd21780a17bdeb69c2fcf232576f8746bf1523c4bf4e0f695b38b01c3e53418f305458914a27dba87e2a4f41d33c585870143bb3ef6309f23f
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.sparkasse-allgeau.com - Port:
587 - Username:
[email protected] - Password:
ZXda%q#7
Targets
-
-
Target
SQQIWkxwM3mRaZ9.exe
-
Size
571KB
-
MD5
af89ddd5218877941705abe88a6d4acf
-
SHA1
44fd904a5f541182dd0d5c4de09231a930a949d9
-
SHA256
2739e1b0503de2aa0ea5e7775b2bb7277de949a30c948dc062237bd7ff43604f
-
SHA512
1cd179654f0a95341ba1b01b2a96219d8bc775471cae2518d6a59efad8b3207173c294eede4f6a8ea6e8b9522a57b592002097ba5c413045efe68b70dc323e9f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-