General
Target: 06120.PNG.exe
Size: 406KB
Sample: 200630-tn5s81a9ts
MD5: c3324c44cfabf206b7fa36078943053a
SHA1: 5d724c0983a2e45630bfe511f8fe72f4b0fa961c
SHA256: b7a402b7f1f325a60c5e39f8b156735d0eee8310abd57b3522dc529646a6253e
SHA512: 236d3de94994bd8ae2c4676d85bc0f55a440f39d5550459c95d67fb0eadc660ff0e1963c09e959be9e4ae234c5918db9ce1817368220a99f969d43e913c1168f
Static task: static1
Behavioral task: behavioral1 (sample 06120.PNG.exe, resource win7)
Behavioral task: behavioral2 (sample 06120.PNG.exe, resource win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: ike2020.xyz
Port: 587
Username: amara@ike2020.xyz
Password: $logs2020
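The extracted configuration is the sample's exfiltration mailbox: the stealer authenticates to ike2020.xyz on port 587 with the credentials above and mails the harvested data to itself. The following added example (written for this page, not code from the sandbox, the report or the malware) shows how an analyst turns that config into a network check: it parses the report's flattened "Protocol: smtp- Host: ..." line into fields, decodes the SMTP AUTH LOGIN or AUTH PLAIN exchange from the client-to-server half of a session, and flags a session whose destination and credentials match. All session records below are constructed for illustration and are not captures from this sample.

```python
"""Match a captured SMTP session against the C2 config the sandbox extracted.

Added example for this report page, not code from the sandbox or the malware.
Session records below are constructed; only REPORT_CONFIG_LINE comes from the report.
"""
import base64
import re

# The config line exactly as the report prints it (Key: value pairs joined by " - ").
REPORT_CONFIG_LINE = ("Protocol: smtp- Host: ike2020.xyz - Port: 587 - "
                      "Username: amara@ike2020.xyz - Password: $logs2020")


def parse_config(line):
    """Parse 'Key: value - Key: value ...' into a dict with lower-cased keys."""
    fields = {}
    for m in re.finditer(r"(\w+):\s*(.+?)(?=\s*-\s*\w+:|$)", line):
        fields[m.group(1).lower()] = m.group(2).strip()
    if "port" in fields:
        fields["port"] = int(fields["port"])
    return fields


def decode_smtp_auth(client_lines):
    """Recover (username, password) from an AUTH LOGIN or AUTH PLAIN exchange.

    client_lines are the lines the client sent, in order, without server replies.
    Returns None when no credential exchange is visible, e.g. because the client
    issued STARTTLS first and the AUTH happened inside TLS.
    """
    lines = [l.strip() for l in client_lines]
    for i, line in enumerate(lines):
        parts = line.split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        try:
            if mech == "PLAIN":
                # AUTH PLAIN [initial-response]; response is base64("authzid\0authcid\0passwd")
                blob = parts[2] if len(parts) > 2 else lines[i + 1]
                _authzid, user, password = base64.b64decode(blob).decode("utf-8").split("\x00", 2)
                return user, password
            if mech == "LOGIN":
                # AUTH LOGIN [initial-response]; the client answers the server's
                # "Username:" and "Password:" challenges with one base64 line each.
                if len(parts) > 2:
                    user_b64, pw_b64 = parts[2], lines[i + 1]
                else:
                    user_b64, pw_b64 = lines[i + 1], lines[i + 2]
                return (base64.b64decode(user_b64).decode("utf-8"),
                        base64.b64decode(pw_b64).decode("utf-8"))
        except (IndexError, ValueError):
            return None  # truncated or malformed exchange
    return None


def match_session(session, config):
    """Return the list of config fields the session matches (host, port, username, password).

    session: {"dst_host": str, "dst_port": int, "client": [client-to-server lines]}.
    """
    hits = []
    if session["dst_host"].lower() == config["host"].lower():
        hits.append("host")
    if session["dst_port"] == config["port"]:
        hits.append("port")
    creds = decode_smtp_auth(session["client"])
    if creds:
        user, password = creds
        if user.lower() == config["username"].lower():
            hits.append("username")
        if password == config["password"]:
            hits.append("password")
    return hits


def is_agenttesla_exfil(session, config):
    """Verdict: the C2 host and the exfil mailbox username must both match."""
    hits = match_session(session, config)
    return "host" in hits and "username" in hits


# Constructed session: AUTH LOGIN with base64("amara@ike2020.xyz") and base64("$logs2020").
EXFIL_SESSION = {
    "dst_host": "ike2020.xyz", "dst_port": 587,
    "client": ["EHLO WIN-7PC", "AUTH LOGIN", "YW1hcmFAaWtlMjAyMC54eXo=", "JGxvZ3MyMDIw",
               "MAIL FROM:<amara@ike2020.xyz>", "RCPT TO:<amara@ike2020.xyz>", "DATA"],
}
# Constructed benign session to another provider, AUTH PLAIN with a different account.
BENIGN_SESSION = {
    "dst_host": "smtp.example.net", "dst_port": 587,
    "client": ["EHLO laptop",
               "AUTH PLAIN " + base64.b64encode(b"\x00alice@example.net\x00hunter2").decode(),
               "MAIL FROM:<alice@example.net>"],
}
# Constructed session that negotiates STARTTLS before AUTH: only host/port are visible.
TLS_SESSION = {"dst_host": "ike2020.xyz", "dst_port": 587, "client": ["EHLO WIN-7PC", "STARTTLS"]}

if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG_LINE)
    for name, s in [("exfil", EXFIL_SESSION), ("benign", BENIGN_SESSION), ("tls", TLS_SESSION)]:
        print(name, match_session(s, cfg), is_agenttesla_exfil(s, cfg))
```

Port 587 submission normally goes through STARTTLS, and .NET mail clients of the kind AgentTesla builds on will negotiate it, so on most real sessions only the destination host and port are visible to a passive sensor; the credential match needs a plaintext session or TLS inspection. The host match alone is still a strong indicator here because the C2 mailbox is hosted on the actor's own domain rather than a shared provider.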
Targets
Target: 06120.PNG.exe
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, typically written in Visual Basic .NET, that harvests saved credentials and keystrokes and exfiltrates them over channels such as SMTP (as in the config extracted above), FTP or HTTP.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla, which store saved server credentials.
- Reads user/profile data of local email clients: email clients keep account data on disk, where infostealers routinely target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: calling SetThreadContext on a thread in another process is the step used by process hollowing and similar injection techniques to redirect execution into injected code.