General
Target: Q0001DA.exe
Size: 720KB
Sample: 200707-95ep3ens5j
MD5: 44e580df6cc98551d69220f7e3201684
SHA1: 0544efea1c311e4fc93f95005aed42838d217b3a
SHA256: 15de86087381df23faff003d4d1f7e5fb361ef730c28226405842fba3845af1f
SHA512: 01ac5ea003900245507d15b20e430ff2f5b392de0db015fba150fa46e87b38d25c8feae0c688c8b642b692b1cd31b35e3fe6d6da73b0672087e586c0d6d56f6f
Static task: static1
Behavioral task: behavioral1
Sample: Q0001DA.exe
Resource: win7
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: Mix2lower12?..
These are the attacker-controlled mailbox credentials the sample uses to send stolen data over SMTP; treat the host, port and account as indicators of the exfiltration channel, not as victim data.
Targets
Target: Q0001DA.exe (size and hashes as listed under General)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, written in Visual Basic .NET.
AgentTesla Payload
Drops startup file
A file was written to a Startup folder, a common persistence mechanism so the payload runs again at the next logon.
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, which store saved server credentials.
Reads user/profile data of local email clients
Email clients store some user data (account settings, saved passwords) on disk, where infostealers often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the process-hollowing (RunPE) pattern: a legitimate process is started suspended, its image is replaced with the payload, and the entry point is redirected; AgentTesla loaders commonly unpack the final stage this way.
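The behaviours listed above map naturally onto host telemetry. The following is an added example (not Triage's code or output, and not the sample's real telemetry) that runs a small detection pass over constructed EDR-style events: it flags reads of FTP-client, email-client and browser credential stores, file drops into a Startup folder, cross-process SetThreadContext, and connections to the SMTP host and port from the extracted config. The event schema, the path fragments chosen for each signature, the verdict threshold and SAMPLE_EVENTS are all this example's own assumptions.

```python
"""Toy detection pass mirroring the sandbox signatures in the report.
Added example: the event format, path mapping and SAMPLE_EVENTS are
constructed for illustration, not real telemetry or a vendor schema."""

from collections import defaultdict

# Path fragments (lower-cased, backslash form) that each signature keys on.
# These are well-known credential stores; the mapping to signature names
# is this example's own choice.
SIGNATURE_PATHS = {
    "Reads data files stored by FTP clients": (
        "\\filezilla\\sitemanager.xml",
        "\\filezilla\\recentservers.xml",
    ),
    "Reads user/profile data of local email clients": (
        "\\thunderbird\\profiles\\",
        "\\microsoft\\outlook\\",
    ),
    "Reads user/profile data of web browsers": (
        "\\google\\chrome\\user data\\default\\login data",
        "\\mozilla\\firefox\\profiles\\",
    ),
}
CREDENTIAL_SIGS = frozenset(SIGNATURE_PATHS)

# Per-user or all-users Startup folder (fragment common to both).
STARTUP_DIR = "\\start menu\\programs\\startup\\"

# Exfiltration endpoint from the extracted config (host/port only; the
# mailbox credentials are deliberately not embedded here).
EXFIL_SMTP = ("smtp.yandex.ru", 587)


def _norm(path):
    """Normalise a Windows path for case-insensitive fragment matching."""
    return path.replace("/", "\\").lower()


def classify_event(ev):
    """Return the signature names triggered by a single telemetry event."""
    hits = []
    kind = ev["type"]
    if kind == "file_read":
        p = _norm(ev["path"])
        for sig, fragments in SIGNATURE_PATHS.items():
            if any(f in p for f in fragments):
                hits.append(sig)
    elif kind == "file_create":
        if STARTUP_DIR in _norm(ev["path"]):
            hits.append("Drops startup file")
    elif kind == "thread_context_set":
        # SetThreadContext on another process's thread is the hollowing /
        # RunPE pattern; on the caller's own threads it is usually benign.
        if ev["target_pid"] != ev["pid"]:
            hits.append("Suspicious use of SetThreadContext")
    elif kind == "network_connect":
        if (ev["dest_host"].lower(), ev["dest_port"]) == EXFIL_SMTP:
            hits.append("Connects to known AgentTesla SMTP exfiltration host")
    return hits


def triage(events):
    """Group hits per process and decide whether it looks like an infostealer.

    Verdict rule (this example's own heuristic): at least two distinct
    credential-store reads plus at least one of persistence, injection or
    the known exfiltration endpoint."""
    per_pid = defaultdict(set)
    for ev in events:
        for sig in classify_event(ev):
            per_pid[ev["pid"]].add(sig)
    result = {}
    for pid, sigs in per_pid.items():
        cred_reads = len(sigs & CREDENTIAL_SIGS)
        supporting = bool(sigs - CREDENTIAL_SIGS)
        result[pid] = {
            "signatures": sorted(sigs),
            "likely_infostealer": cred_reads >= 2 and supporting,
        }
    return result


# Constructed events: pid 4120 behaves like the report's sample, pid 2200
# is a browser reading its own store, pid 1234 is ordinary shell activity.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "file_create",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Q0001DA.exe"},
    {"pid": 4120, "type": "file_read",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\FileZilla\\sitemanager.xml"},
    {"pid": 4120, "type": "file_read",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\abcd1234.default\\logins.json"},
    {"pid": 4120, "type": "file_read",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 4120, "type": "thread_context_set", "target_pid": 4388},
    {"pid": 4120, "type": "network_connect", "dest_host": "smtp.yandex.ru", "dest_port": 587},
    {"pid": 2200, "type": "file_read",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 1234, "type": "file_read", "path": "C:\\Users\\victim\\Desktop\\desktop.ini"},
    {"pid": 1234, "type": "thread_context_set", "target_pid": 1234},
]

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_EVENTS).items():
        print(pid, verdict)
```

The threshold matters: a browser legitimately reads its own Login Data, so a single credential-store access alone (pid 2200) stays below the verdict line, while the combination seen in the sandbox (several stores plus persistence, injection and the mail exfiltration host) is what makes pid 4120 stand out.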