General
-
Target
eb1b78489380fbca7547382be83729f656a4b36ee8e51e6d37c2aa49e81dd685
-
Size
470KB
-
Sample
220521-nzw28sedc2
-
MD5
6cc50fdd178e777cdd6848aa6c4f4250
-
SHA1
ac5afcf3c9d4a2558b74702a9724f929f6d0244b
-
SHA256
eb1b78489380fbca7547382be83729f656a4b36ee8e51e6d37c2aa49e81dd685
-
SHA512
cb3b58b69b51d4e27c6b6ddb18c2143dd88e00e8557c22a6a60ed7f3ed679ba19ca6da1a0edf96962d6f3b623dfea9f6134bbcc948bd9521422b777b99a75be9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
babapeey@uniques-bd.com - Password:
7e*r%FtNt5%o
Targets
-
-
Target
Shipping Docs.bat
-
Size
744KB
-
MD5
2241254a50c93fea0b6fa3dd58096eb9
-
SHA1
09e03f2a64979dcef7cfac3256f1f4c0a6d48733
-
SHA256
2d1ed3f838936881bbcce13d13dd480e70ced0e796e6d6acd9b563dcc0c6696d
-
SHA512
6f9438f44dce56bb80f92740b02e5b8f1ca23ebceda63ab0f2bad77e8be603353c6ea1a29699db06e9720c88c4b2c7f8a06e07c67ff666280146755be8364a5f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-