General
-
Target
eed000c07ec0acbc2680e49fe5392a91db3f292dde9ae67f933970f6a34723c4
-
Size
312KB
-
Sample
220521-nylvwahdfr
-
MD5
3ada3871f6ab24e3010ce44c7fe72117
-
SHA1
9cd9ddc73bb254e6209ca1828890ebae79ef5149
-
SHA256
eed000c07ec0acbc2680e49fe5392a91db3f292dde9ae67f933970f6a34723c4
-
SHA512
68a03c2110b0b39a2256e4dd4369ef5e8906d5d234e6812a2dcc4d5cc6cf9e957260523fe2cbcedf6848f3173a29b0ea2e987c120d6f99cc5f354ad0d6539dea
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.westcong.com - Port:
587 - Username:
sb@westcong.com - Password:
welcome123
Targets
-
-
Target
EDG95320200205005000471_126_953.pdf.exe
-
Size
709KB
-
MD5
d1a7f1ccc8798a642d173d4f012d1451
-
SHA1
adea4919c4884ff7b7828246f0e8935d556769af
-
SHA256
9bf920c66f4a0d3e6b6ad48158f1d70c40d1f294ed8074dced3000330f63fa0c
-
SHA512
a079b58cdbed1e0c6d9cda8ba1cae49a16069487c6e2c0cc9d7ede66e5e1c63664704aacc44d946477e868381fa2a580970f822772c75ef29914284fdef61a23
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-