General
-
Target
b0573c1b945e1199f5f31ababd773810b4e5687cc5b79cc4f1ea7560876562b6
-
Size
389KB
-
Sample
220521-ptqhyagab6
-
MD5
4cdee623346559b7ffbe9f68502d3c1d
-
SHA1
43b538acf7f6afda1db7db9ae4db23e03a2b9264
-
SHA256
b0573c1b945e1199f5f31ababd773810b4e5687cc5b79cc4f1ea7560876562b6
-
SHA512
570d92e710f73f2633e90db894d6e3fce860c5b6764219424f0269feeee312cdfd393c6fbdfa5a2c2b65b332b8e9a0391f1af1b48e34c75e0bfadf96248d9df5
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.candenizcilik.com - Port:
587 - Username:
info@candenizcilik.com - Password:
519025
Targets
-
-
Target
IMG 24344 NEW ORDER_PDF.exe
-
Size
436KB
-
MD5
b035dca1c45df0d51fcd63889e4d9096
-
SHA1
46709b2bc3ed148a85aa0bf56f1f4f3de439997d
-
SHA256
e6a6aaa90584d600b801a14dab920d9ce945523a5620029b978f8d236cbbde9e
-
SHA512
fbdd6b97635c61934d74044cb4c56aac59b73daed6d8eb2dcd64df4dea8db97670b6ca53e52ddd5dd9e68650d7157b5fc41d2c48a1847ff8c355137b263338c6
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-