General
-
Target
Document.ace
-
Size
365KB
-
Sample
201122-yd1ljwtbcx
-
MD5
81866f44da37112a1be49a22dd1db253
-
SHA1
fd1b4f1a357a602dd38be2f17478e4aa275186d5
-
SHA256
5bb4c9293c29135c5b096ae21d8df623cd5011d027ed2a43a12253bd2f6af769
-
SHA512
80bd00c0736cdae89fb0d8401344ee615315fee5a36f8234434eb0e73858d93dd3f1cd06013733707adb47741b302427b9b945f3df4110b61d793203a7b3bb29
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.empromae.com - Port:
587 - Username:
sales@empromae.com - Password:
p@tience0!
Targets
-
-
Target
Document.exe
-
Size
428KB
-
MD5
064388168b41070ce51fc60fc447e0ea
-
SHA1
63f95b82db51e74788f62997a204fdfceb5a00ae
-
SHA256
6ee79ca49e612fbcd50014d3a01ecaffd022b10f72d9d6068e8a64f594089709
-
SHA512
bb6af7a86cb377dacc0b00406d8f4a022acd5cc8b559da22744960022907c7c121f2c73771a7e7151fcc99b70f86f1b4616a03cb30d767473f6347cca964c751
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-