General
-
Target
Scan copy.exe
-
Size
805KB
-
Sample
200710-s1s22d1sl2
-
MD5
0490849f0d0e983324374d36ba97591a
-
SHA1
4a5d478356cddf7b2117fc9b8bf894e98fbd602e
-
SHA256
9a63f91e52508b6a45b057bc3d6bfe71a76937316d65f65e6d49b765bf8e1392
-
SHA512
f05cf99affa1852e20551e2d2427b2dd564b056f03825a910ee69c36ec4a76f49ed22646fbf288fc5a2e589b1091cc42781db46f2fce04b30addd842bd855b9f
Static task
static1
Behavioral task
behavioral1
Sample
Scan copy.exe
Resource
win7
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Simple262627
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-