General
Target: AT.exe
Size: 672KB
Sample: 200709-3h8yl2v29e
MD5: 713f89671daa7b8a669b72f0df80c662
SHA1: e6a6c838588c62a1ed199f3ac580bad225b60ced
SHA256: faba6cc8e2795ec5c1f2a44829767bad991892d00c8c3374cc8723f15402e97c
SHA512: 5fbc5f60edd8fcaf7cae1a437a8bbb7511d41356406279987adc9b860148535c8b55822d64b137112f624b017b7e72fda02142c34c9e302f632ea665fbd48582
Static task: static1
Behavioral task: behavioral1
Sample: AT.exe
Resource: win7v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.halalemporda.com
Port: 587
Username: [email protected]
Password: Hmmf@2020
Targets
Target: AT.exe
Size: 672KB
MD5: 713f89671daa7b8a669b72f0df80c662
SHA1: e6a6c838588c62a1ed199f3ac580bad225b60ced
SHA256: faba6cc8e2795ec5c1f2a44829767bad991892d00c8c3374cc8723f15402e97c
SHA512: 5fbc5f60edd8fcaf7cae1a437a8bbb7511d41356406279987adc9b860148535c8b55822d64b137112f624b017b7e72fda02142c34c9e302f632ea665fbd48582
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext