General
-
Target
HKSUPO202006.exe
-
Size
703KB
-
Sample
200707-bg9cfp9lyn
-
MD5
4437d2c24315480713548a0e8511c17d
-
SHA1
b024ce7b6d469bca49bc12c7ed9226696388d3e6
-
SHA256
0fafd555f84dcb876be1182b40ed4b85e7b57d8c5798243c3ed0b8421aabe9a6
-
SHA512
69be8167de86836cce9a4745a61cbd509f20e9a5ff9a14f7244890e6a3718c15d82987abce8596bf24ba8349ab626778ca9244f3ab2348f4af51a0f517f317c2
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
church12@@
Targets
-
-
Target
HKSUPO202006.exe
-
Size
703KB
-
MD5
4437d2c24315480713548a0e8511c17d
-
SHA1
b024ce7b6d469bca49bc12c7ed9226696388d3e6
-
SHA256
0fafd555f84dcb876be1182b40ed4b85e7b57d8c5798243c3ed0b8421aabe9a6
-
SHA512
69be8167de86836cce9a4745a61cbd509f20e9a5ff9a14f7244890e6a3718c15d82987abce8596bf24ba8349ab626778ca9244f3ab2348f4af51a0f517f317c2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-