General
-
Target
06391ebfeb50037ed9aa75ad6ef71f05ada13df4de07b543a50734054d5425ad
-
Size
653KB
-
Sample
220521-ntj6gsebb2
-
MD5
074f818229566f928f409238a7f7f5c0
-
SHA1
83b6483084be84b4808395e6e93b6444898d95d2
-
SHA256
06391ebfeb50037ed9aa75ad6ef71f05ada13df4de07b543a50734054d5425ad
-
SHA512
11594ceac3a263a00b6fca3e5098b1ed155f4439bd2b3cdf4dd2c4ab43c2bd31bb1ea5d8ecb9336383a49bac3cedf2d14e848fdb0df916fb3332c69d6c9fd634
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.radiomeff.mk - Port:
587 - Username:
wc@radiomeff.mk - Password:
qazwsx@11
Extracted
Protocol: smtp- Host:
mail.radiomeff.mk - Port:
587 - Username:
wc@radiomeff.mk - Password:
qazwsx@11
Targets
-
-
Target
ORDER FORM.exe
-
Size
940KB
-
MD5
283d04eedf51eaea26dfad81b7321e7b
-
SHA1
2b0d0d99c8528e216299b987fa714dc6a7a1ee57
-
SHA256
091fa5c2da8704e463202cad1bdd4f766ca66c28b3f60348c03288c4d4c3ce32
-
SHA512
2cbd2d657760594cb002d024e6fd28f0b31aa3655e07f50c12b3bca4704e5dc5874b6b44714a5e176caf4b38279f25035a473b8c372734e7401130cd83c6b4d0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-