General
-
Target
c742e21da2ffb1c3b25b55190dd42edd4de5cbdf1b36c2aed43a6f2133d7b68a
-
Size
429KB
-
Sample
220521-nz36jsheeq
-
MD5
3882bdf11138a7556062384a42d4c20c
-
SHA1
465f7f06c053541307baf26bff24744c23d3e45a
-
SHA256
c742e21da2ffb1c3b25b55190dd42edd4de5cbdf1b36c2aed43a6f2133d7b68a
-
SHA512
e673edd2306a038db09bb42d4eec0be10d8dd0827ddbda0b3d1c4bb7606cbb90df9ca08981098f2467eaf833de4e1cd14733d7eb76ab70a22cbbe0b63ba4ef94
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ionos.mx - Port:
587 - Username:
reclutamiento1@cosea.mx - Password:
4l3ly2019.#
Extracted
Protocol: smtp- Host:
smtp.ionos.mx - Port:
587 - Username:
reclutamiento1@cosea.mx - Password:
4l3ly2019.#
Targets
-
-
Target
08007999989new oreder.exe
-
Size
586KB
-
MD5
2fc1c0f45155d60d37970757f9ad4330
-
SHA1
a2c93f1092d00d22017d694d0438ecdd4e8da21d
-
SHA256
13c9499e991400d246780236964110962133b99365811b15e94a9aed28fd0f02
-
SHA512
6d85d3bf6e0952168f53dbddf11e5ce5c770651cd2117c5ae2e0bbbc801d2c31de11f43e8ad594624c2b891c92ecde0fef3ece31cd7160ad8e1d44da19b453c9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-