General
Target: PO.exe
Size: 435KB
Sample: 200629-fe3h25h8ce
MD5: 28159c2ff019251165e9d2ada70be08e
SHA1: 94cbca8d04f668b0a3d71053077ebfe30b713530
SHA256: 404d422ffb09a4f24ad333ccdd211d0eb2ea84b650f095baadf3443fb6deb7b1
SHA512: ba0f192b535a992f609028e34d2764245827a28f02f19f0ef43b6c37152b4d177353b04e372d3c48257f44fa864b25954a25b8d560e22392ba3edb610361c35f
Static task: static1
Behavioral task: behavioral1 (Sample: PO.exe, Resource: win7v200430)
Behavioral task: behavioral2 (Sample: PO.exe, Resource: win10)
Malware Config
Extracted
Protocol: smtp
Host: smtp.condeunt.com
Port: 587
Username: arqueries.singapore@condeunt.com
Password: EM(ufuT3
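The extracted block above is the sample's exfiltration account. The following is an added example (not code from the Triage report) that parses that block into a config dictionary, derives the indicators a responder would actually hunt for, emits Suricata rules for the exfil host, and runs a suffix-safe match over constructed DNS log lines. CONFIG_TEXT is the "Extracted" block as it appears on this page; SAMPLE_DNS_LOG is constructed; the Suricata sid values are placeholders in the local (1000000+) range.

```python
"""Extracted Agent Tesla SMTP config -> IOCs, Suricata rules, DNS-log hunt.

Added example; CONFIG_TEXT is the report's Extracted block, SAMPLE_DNS_LOG is
constructed, and the Suricata sids are placeholders in the local range.
"""
import ipaddress

CONFIG_TEXT = """\
Protocol: smtp
Host: smtp.condeunt.com
Port: 587
Username: arqueries.singapore@condeunt.com
Password: EM(ufuT3
"""

REQUIRED = {"protocol", "host", "port", "username", "password"}


def parse_config(text: str) -> dict:
    """Parse 'Key: value' lines. Only the first ':' splits the line, so a
    password containing ':' survives intact. Port is converted to int."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        cfg[key.strip().lower()] = value.strip()
    missing = REQUIRED - cfg.keys()
    if missing:
        raise ValueError(f"config is missing {sorted(missing)}")
    cfg["port"] = int(cfg["port"])
    return cfg


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def iocs(cfg: dict) -> dict:
    """Indicators worth hunting for. 587 is the submission port and the
    session is normally upgraded with STARTTLS, so the AUTH exchange (and the
    password) is not visible on the wire; the DNS lookup, the TLS SNI and the
    destination host:port are. The mailbox name still matters for mail-server
    logs and for the abuse report to the mailbox owner."""
    host = cfg["host"]
    return {
        "exfil_host": host,
        "exfil_host_type": "ip" if _is_ip(host) else "domain",
        "exfil_port": cfg["port"],
        "exfil_account": cfg["username"],
        "exfil_account_domain": cfg["username"].rsplit("@", 1)[-1],
    }


def suricata_rules(cfg: dict, sid: int = 1000001) -> list:
    """DNS-query and TLS-SNI rules for the exfil host. The TLS rule assumes
    Suricata hands the post-STARTTLS stream to its TLS parser (it does for
    SMTP in current releases; verify on your version). The DNS rule works
    regardless."""
    host, port = cfg["host"], cfg["port"]
    return [
        f'alert dns $HOME_NET any -> any any (msg:"AgentTesla exfil DNS query {host}"; '
        f'dns.query; content:"{host}"; nocase; endswith; sid:{sid}; rev:1;)',
        f'alert tls $HOME_NET any -> $EXTERNAL_NET {port} (msg:"AgentTesla exfil TLS SNI {host}"; '
        f'tls.sni; content:"{host}"; nocase; endswith; sid:{sid + 1}; rev:1;)',
    ]


def match_dns_queries(lines, cfg: dict) -> list:
    """Return lines whose last field is the exfil host or a subdomain of it,
    case-insensitively. A lookalike such as 'smtp.condeunt.com.other.net'
    does NOT match, which a naive substring search would get wrong."""
    host = cfg["host"].lower()
    hits = []
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        name = parts[-1].lower().rstrip(".")
        if name == host or name.endswith("." + host):
            hits.append(line)
    return hits


# Constructed DNS log lines: timestamp, client, record type, query name.
SAMPLE_DNS_LOG = [
    "2020-06-29T10:01:02Z 10.0.0.15 A www.example.com",
    "2020-06-29T10:01:09Z 10.0.0.15 A smtp.condeunt.com",
    "2020-06-29T10:01:12Z 10.0.0.15 A smtp.condeunt.com.cdn-lookalike.net",
    "2020-06-29T10:02:40Z 10.0.0.22 A SMTP.CONDEUNT.COM.",
]

if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    print(iocs(cfg))
    print("\n".join(suricata_rules(cfg)))
    print(match_dns_queries(SAMPLE_DNS_LOG, cfg))
```

The password is deliberately left out of the IOC set: it is only useful for the takedown request to the mailbox provider, and it should never be used to log in to the attacker's mailbox.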
Targets
Target: PO.exe (435KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) and infostealer written in Visual Basic .NET; the SMTP configuration extracted above is its exfiltration channel.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla, which keep saved server credentials on disk.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of a suspended child process is the step in process hollowing where execution is redirected to injected code; the signature flags the API use, not a confirmed injection.
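The three "Reads ..." signatures are scored on the pattern of one process touching credential stores of several unrelated programs. The following is an added example (not the sandbox's own signature logic) that maps file-access telemetry onto those three categories and flags a process only when it hits more than one of them. The store paths are my own list of well-known credential files for FileZilla, Thunderbird, Chrome, Edge and Firefox, not Triage's definitions; EVENTS is constructed.

```python
"""Map file-access events onto the FTP-client / email-client / browser
credential-store categories and flag multi-category readers.

Added example; STORES is my own path list (not the sandbox's signatures) and
EVENTS is constructed telemetry of the shape {pid, image, path}.
"""
import fnmatch
from collections import defaultdict

# Category -> glob patterns, matched case-insensitively on '/'-normalised paths.
STORES = {
    "ftp_client": [
        "*/filezilla/recentservers.xml",
        "*/filezilla/sitemanager.xml",
    ],
    "email_client": [
        "*/thunderbird/profiles/*/logins.json",
        "*/thunderbird/profiles/*/key4.db",
    ],
    "browser": [
        "*/google/chrome/user data/*/login data",
        "*/microsoft/edge/user data/*/login data",
        "*/mozilla/firefox/profiles/*/logins.json",
    ],
}


def _norm(path: str) -> str:
    """Windows paths arrive with backslashes and mixed case."""
    return path.replace("\\", "/").lower()


def classify_path(path: str):
    """Return the store category a path belongs to, or None."""
    p = _norm(path)
    for category, patterns in STORES.items():
        if any(fnmatch.fnmatchcase(p, pat) for pat in patterns):
            return category
    return None


def categories_by_process(events) -> dict:
    """pid -> set of store categories that process touched."""
    out = defaultdict(set)
    for ev in events:
        cat = classify_path(ev["path"])
        if cat:
            out[ev["pid"]].add(cat)
    return dict(out)


def flag_infostealers(events, min_categories: int = 2) -> dict:
    """A browser legitimately reads its own Login Data and a mail client its
    own logins.json, so a single category is noise. One process reading the
    stores of several unrelated programs is the infostealer pattern."""
    return {
        pid: cats
        for pid, cats in categories_by_process(events).items()
        if len(cats) >= min_categories
    }


# Constructed events: the sample (pid 4321) sweeps three stores, a browser
# reads its own store, and an office process reads an unrelated document.
EVENTS = [
    {"pid": 4321, "image": "PO.exe",
     "path": r"C:\Users\bob\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4321, "image": "PO.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4321, "image": "PO.exe",
     "path": r"C:\Users\bob\AppData\Roaming\Thunderbird\Profiles\k2x9.default\logins.json"},
    {"pid": 880, "image": "chrome.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1200, "image": "WINWORD.EXE",
     "path": r"C:\Users\bob\Documents\PO.docx"},
]

if __name__ == "__main__":
    for pid, cats in flag_infostealers(EVENTS).items():
        print(pid, sorted(cats))
```

The telemetry source is the caveat: Sysmon does not record file reads, so this needs an EDR file-open feed or Windows object-access auditing (event 4663) on the store directories.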