General
-
Target
cdeebfd761066807f514e1f6f398ba7211093ee953c0cfec3151257eda1d7237
-
Size
428KB
-
Sample
220521-nzqkfshedn
-
MD5
9d295d17d1ebfa4f3a3cb1f7c0b11557
-
SHA1
407c03a77b21f3b5076d4d6b34f21460d0de677d
-
SHA256
cdeebfd761066807f514e1f6f398ba7211093ee953c0cfec3151257eda1d7237
-
SHA512
80fb7bca0cde42e12063d6ab6ee269dee4b1eb1db126c87c3c9f0f9b7acbf2c6e77698fca05b9b3a1e15bebc4820e29cb9f8d768cc85845c8805383d5c80c2cd
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
richardaderson2@gmail.com - Password:
iefjtgbwxjcwxeww
Targets
-
-
Target
Purchase Order Needed.Pdf.exe
-
Size
1.0MB
-
MD5
a67bd793586a4318710f2ea5f708124a
-
SHA1
b15d5ffc7a92073b248dd8ced531dd74e226a069
-
SHA256
314843bc96cbfa3115bc86edd37758ecdaaf6af6ae543a64014e921fda7294fb
-
SHA512
66adc8b61a06c2c3a8b84c30829939ca42731b2b0cf03e8776d87a0baec389807525234e95ee83927bb9cb48b58358e18b297711596b8521a1c969faa36e80c1
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-