General
-
Target
80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea
-
Size
378KB
-
Sample
220521-pv8qxagaf6
-
MD5
c6d08fc27e652eed1362bd4bde557e8c
-
SHA1
f72e3bdbbd070a2042934dfc1d623096034028a2
-
SHA256
80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea
-
SHA512
99856de5bf50ac74ccb8016e0ba3f109af00b9c11ee51c810ddb251eae9a6a7ef89dce6b1f89847fe51ebe9126d315e5e86a0ed3d810eca50bd822961b670064
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
chibyke7@mail.ru - Password:
nevergiveupsure
Targets
-
-
Target
Specification Details.exe
-
Size
413KB
-
MD5
f561e022d4f785bf725ad0de24f8dc88
-
SHA1
6eda2996d502410977790be4a6976ea7747bdf2e
-
SHA256
bd7ff9e1c774994bdb69476411ede44d9b837f4f1994bdfdf620e766d500b1a8
-
SHA512
e7b6328f9b74e07489bd1b5d9edd0163d8196ae6abd0968de6924cf548825755bccb734dca47535058c2775cf992982929a085d379b7558e3fb61d0b6e95f501
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-