General
-
Target
0ea05fa1a2e9b96aeb35fecd889298bf6d67bdd12e2e5810a07e45bff86d2c9c
-
Size
373KB
-
Sample
220521-ppfsyafgb2
-
MD5
67a0a5ced3d26f4d7c8c0359d791b63f
-
SHA1
bc8e3b038b0b51a40b263b678cf0d78848ee895d
-
SHA256
0ea05fa1a2e9b96aeb35fecd889298bf6d67bdd12e2e5810a07e45bff86d2c9c
-
SHA512
af4bebb73709ab4514384e1cafec1b32dfba7bce5f26f23430a98dd3e1c9463fb5bf0d2f43610757bc9e7ae5dd011e15a8c8a72158a8b7ebcaad891961c2c8a4
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.dsb.co.th - Port:
587 - Username:
chakrapat@dsb.co.th - Password:
Dafnke23
Targets
-
-
Target
New-July-PO-07545767-TR768669-Order_Sample-Quote,xlsx.exe
-
Size
412KB
-
MD5
495fefe3f258ab11a285d3fddf0ac160
-
SHA1
f2f9c5b1f8424715ed3263cc3bb2de9c4535940e
-
SHA256
0be3470e0c0afeded793f139be36a34de63714490ff86e5a9e0fa9a584ea20cc
-
SHA512
f6c8980dfa3d2c0a7810076820ebb7be494314b8e9fbbefdec57ded94e680dd94a9159d0735ace6495769d11d1efb71862b79a90fa9c88f45afae25d671c1847
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-