General
-
Target
6b358e7947ac67fa83c41b8ea0616367ef7fc381af1c75a63fddc135bb012ac9
-
Size
369KB
-
Sample
220521-pwnr5abcgl
-
MD5
142467d4e209bfff239ee1f58a59ec27
-
SHA1
8e1cb0d2443996cf6d0e686316a0b9028b42c64b
-
SHA256
6b358e7947ac67fa83c41b8ea0616367ef7fc381af1c75a63fddc135bb012ac9
-
SHA512
1469f0a35ebdc80ff0f92628af45e3c183250573e9dbf6e93e506740ef7595d0f87c23464f38afa8d0b336fb1ea12e68fcab86da51d0ee306a5a8242be59cb34
Malware Config
Targets
-
-
Target
PO 4800049984.exe
-
Size
405KB
-
MD5
ad5ecefbac91d7cee3191da22872e2ec
-
SHA1
c4c6bc3ce6e2ee682982403e97eb5364ebd9b01d
-
SHA256
301c31d38f7cb13d8128b53666c66e251d7a398c1b0fdae66d52ab0d377852ef
-
SHA512
0375ba09e09e00c63aa8d20d3c25751139c2b5bfc98f8664258349b696a0edc001c5070a38968325887943b8b07a8c6b8f89a8ca1c10c41db7113c2ae568cd87
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-