General
-
Target
e29fe80330ae25051dc3e6432bd768d27732969e9896d337d35ada84a8069aeb
-
Size
381KB
-
Sample
220521-pegx9aadap
-
MD5
9eae598ae1d53f51f46bd3267df64d56
-
SHA1
4e8c09d84155dd818b59740eaa8bbcd1a1f2e40d
-
SHA256
e29fe80330ae25051dc3e6432bd768d27732969e9896d337d35ada84a8069aeb
-
SHA512
6960fdd322280547dbe27e2c6343967e530712c3a462b2b79dc938355831e8a5ebb2985c1305a19467959799fc80a1b761cc9c70bffdb52c98744b77854f398d
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.epaindemgroup.com - Port:
587 - Username:
ekwe@epaindemgroup.com - Password:
}bf9e+EW5s$k
Targets
-
-
Target
report.exe
-
Size
434KB
-
MD5
b7282b547c6734d69aa84daa020640ec
-
SHA1
764b453e1fb4dc58b11c194a4b2f7c936375b77f
-
SHA256
1cca3f293c7942a4e189397953842dc4510cb9a25019de5e22134a629ae09ce6
-
SHA512
469d4b7807fd1dc6c05eb22775b1f8fdefd7f71190f00d5451ea39ffe318ce6c3003f7e60aa6f6510d2a86c7eecdc89d8c6ecffab260441da98d5dbb922e2356
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
ReZer0 packer
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-