General
-
Target
d8f349423609a0ba6ac722d59a263044d1ee5403ae8a32011e9a7f88ca4a4918
-
Size
533KB
-
Sample
220521-pr4yjsfhe4
-
MD5
8dec50ca2059cfc09047773e73e4befe
-
SHA1
a2e7009a381a68243f838b08c5f4f87058f1a9f5
-
SHA256
d8f349423609a0ba6ac722d59a263044d1ee5403ae8a32011e9a7f88ca4a4918
-
SHA512
a0916d83b9466526aa05ddf37d4c7cd306574516fff60d2b945baad02cbf89a42fdee7fcb3de17618c6a891a1cea983c322a2631de9739aaaa8da4151c2872ce
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ola4tai.com - Port:
587 - Username:
log@ola4tai.com - Password:
ZKOfovXE4
Targets
-
-
Target
RFQ-August.exe
-
Size
786KB
-
MD5
97e962e4eba373df313385f15cce7211
-
SHA1
e5c6bc69385f09ee186e0fbd78a5a84a91974e14
-
SHA256
230e96f9118ac3ca1c34972b1d270cf12b69755bef0f049db0197552a5c61cde
-
SHA512
2d676f5bb2863d7e072aeaf47d096658133b8b864ba8c2aea43356146c36af42bbde403aa1c0c0020a342acc35af3810715a2032294821c07f92a6401f1ac369
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-