General
- Target: Payment.exe
- Size: 951KB
- Sample: 200713-d29yjy6n3e
- MD5: 9270fc9507071876759925004f046973
- SHA1: 75ed8e17e9f662fbd8d0c9aa25acefe602d73f89
- SHA256: af4f05bd033462727c03619d51062e0d9f1c346a19ba1b9df1bd3a9b593f80bb
- SHA512: f89259a0fa784d4d561ad3b0d9d62ad98696f09df8c5e7cd47c20d51e67300e57e51346254460051fb45f60de666477fbc9d5a54ac54ded688618217a30bbecd
Static task: static1
Behavioral task: behavioral1
- Sample: Payment.exe
- Resource: win7
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: Blessing123
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext