General
-
Target
Függőben lévő számlák.exe
-
Size
683KB
-
Sample
200708-kcb3nzpbk6
-
MD5
f5f388651f032c61ee2360ff4b96424c
-
SHA1
50b568b96d32c69b760b9c8fab432a7a272ae16b
-
SHA256
f16ce2e727287e9b40a9d148b2b6b3c8ba538be0e5e5b5d50829813907fa4194
-
SHA512
3f170294abfeb94d6a63b4b20ef7e6aa7e96ca8e5364dbe573d28f575465da491836d32b5ba4ddbd1552afdf8244d0ea14a55c81acbfedb21b41bd012cc07afe
Static task
static1
Behavioral task
behavioral1
Sample
Függőben lévő számlák.exe
Resource
win7v200430
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.gascuenca.es - Port:
587 - Username:
[email protected] - Password:
gasW203@Z7
Extracted
Protocol: smtp- Host:
mail.gascuenca.es - Port:
587 - Username:
[email protected] - Password:
gasW203@Z7
Targets
-
-
Target
Függőben lévő számlák.exe
-
Size
683KB
-
MD5
f5f388651f032c61ee2360ff4b96424c
-
SHA1
50b568b96d32c69b760b9c8fab432a7a272ae16b
-
SHA256
f16ce2e727287e9b40a9d148b2b6b3c8ba538be0e5e5b5d50829813907fa4194
-
SHA512
3f170294abfeb94d6a63b4b20ef7e6aa7e96ca8e5364dbe573d28f575465da491836d32b5ba4ddbd1552afdf8244d0ea14a55c81acbfedb21b41bd012cc07afe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-