General
Target: Face Masks&KN95.exe
Size: 780KB
Sample: 200401-spvmpax456
MD5: 9bf72d33a239963ca6098752cec3ef9c
SHA1: 7cdf7335ee8bf451e4226fe5d3985d9eb8e27494
SHA256: d7b59d350dd16d5c6a39706ba5dade34574798379ac54f0fa0cbea42158435ac
SHA512: 805a228b7f988d752a916c36847db41e8d9bcca6f1c6a24210b3aa443f083818915dbf7ba60e2af89cae8fa764dab1f077eb1a96eae9aeedafc456f3a6106c95

Static task: static1
Behavioral task: behavioral1
Sample: Face Masks&KN95.exe
Resource: win7v200217
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: lightmusic12345@yandex.com
Password: chibuike12345@@@@@
Targets
Target: Face Masks&KN95.exe
Size: 780KB
MD5: 9bf72d33a239963ca6098752cec3ef9c
SHA1: 7cdf7335ee8bf451e4226fe5d3985d9eb8e27494
SHA256: d7b59d350dd16d5c6a39706ba5dade34574798379ac54f0fa0cbea42158435ac
SHA512: 805a228b7f988d752a916c36847db41e8d9bcca6f1c6a24210b3aa443f083818915dbf7ba60e2af89cae8fa764dab1f077eb1a96eae9aeedafc456f3a6106c95
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext