General
-
Target
2Fw4Imyy4AP4gQX.exe
-
Size
605KB
-
Sample
200625-lwzpnlazc2
-
MD5
93ccd4151365228cdb632dbe01cfbdc6
-
SHA1
8ad3e4999c8686481430b9f03b060fa1a37ba5e2
-
SHA256
200e5b0b9f6c2ff5f4cce4653f467b8861983a566a6b5b68c878da8c0f30de4c
-
SHA512
a13807ab11cd53ba676fb66551723f202f86947e4dd37deff8b9238285474138b3564816b5c94f226b6af612cd1c52c843c46484c3939b189ad99a4f3e49746b
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.macrosyselectronics.in - Port:
587 - Username:
admin@macrosyselectronics.in - Password:
@prosperity1@
Targets
-
-
Target
2Fw4Imyy4AP4gQX.exe
-
Size
605KB
-
MD5
93ccd4151365228cdb632dbe01cfbdc6
-
SHA1
8ad3e4999c8686481430b9f03b060fa1a37ba5e2
-
SHA256
200e5b0b9f6c2ff5f4cce4653f467b8861983a566a6b5b68c878da8c0f30de4c
-
SHA512
a13807ab11cd53ba676fb66551723f202f86947e4dd37deff8b9238285474138b3564816b5c94f226b6af612cd1c52c843c46484c3939b189ad99a4f3e49746b
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-