General
- Target: DRAWINGS.exe
- Size: 369KB
- Sample: 200713-2q5v114jdj
- MD5: ca8c87affb36ce80079f499ca8dd3182
- SHA1: 0fa6a924943f23db0a598903280ac8b8bea84943
- SHA256: 34cf69d94adcbf7c3646400b9d457de10e974790ffa71278291b61426005f13e
- SHA512: ae77b5e4bbdbb0dfcad910e4eedc0280154b49d44c0ff6ca495e716bb5e5f4167dc4be6df3b6926ffd58148c42fd5eaee500b26fd745895dd190710c2f562108
Static task: static1
Behavioral task: behavioral1
- Sample: DRAWINGS.exe
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: DRAWINGS.exe
- Resource: win10
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.blueskypaclficgroup.com
- Port: 587
- Username: [email protected]
- Password: DImeyFu0
Targets
- Target: DRAWINGS.exe
- Size: 369KB
- MD5: ca8c87affb36ce80079f499ca8dd3182
- SHA1: 0fa6a924943f23db0a598903280ac8b8bea84943
- SHA256: 34cf69d94adcbf7c3646400b9d457de10e974790ffa71278291b61426005f13e
- SHA512: ae77b5e4bbdbb0dfcad910e4eedc0280154b49d44c0ff6ca495e716bb5e5f4167dc4be6df3b6926ffd58148c42fd5eaee500b26fd745895dd190710c2f562108
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Suspicious use of SetThreadContext