General
-
Target
ec28f5019d1fb696514626c22bf9df45d511ea75d00faa5f22f7a86fdb7f0fb6
-
Size
535KB
-
Sample
220521-nqfnwshbcp
-
MD5
8e656bbeb4475f01bf58223060e43aff
-
SHA1
9afc63c8e9698656810e24d9c5adb0bbf98d9919
-
SHA256
ec28f5019d1fb696514626c22bf9df45d511ea75d00faa5f22f7a86fdb7f0fb6
-
SHA512
ef506c175bb5f509bd981aee7c5ba94a6e3e1d293f88d687e263c9d61a9ea783134db481642d53ec08406b2a7c1eeec7ba3e8950a732a76d5575255b4685b2f9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
1xH}wgu7}f%E
Extracted
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
1xH}wgu7}f%E
Targets
-
-
Target
quote120485682.exe
-
Size
572KB
-
MD5
dd4e839e69d63224da693caf05e34281
-
SHA1
f8a382f169d26693f1f7d9a9c36713097e635770
-
SHA256
8cab6c0718ebfebd219f078bf3c5a7271a58c93e3f37a7a0ed1b27b91e14111b
-
SHA512
65e7fe6eacaf928555d875fcc92522a58cf5334e3f2b53fc2c63b5f82e00e35355b7363bf444a73bd00fe9c1cbb95d859664e3806dcc73934ae435d067ddf2d7
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-