General
- Target: 090900IMG.exe
- Size: 960KB
- Sample: 200713-fnkg544c9e
- MD5: 8b2cb661eb834522ace01c32dd499d67
- SHA1: 42ef864a4421177fc2f3953fba8aed7d4e240896
- SHA256: 8d599235c96bdb90cab54d06e9fd6265cb64ba755f3b0568de7cac39e6984f6a
- SHA512: 420921bf2c9c43f5c5062991f06ffb9e654da734f878795b43c9ca0a61a6c568b58253a269c10322865878a45bb29a3bea16d60e4a5918f310b368cc2f7d4e3a
Static task: static1
Behavioral task: behavioral1
- Sample: 090900IMG.exe
- Resource: win7
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.petekyazilim.com
- Port: 587
- Username: [email protected]
- Password: petek19721972
Targets
- Target: 090900IMG.exe
- Size: 960KB
- MD5: 8b2cb661eb834522ace01c32dd499d67
- SHA1: 42ef864a4421177fc2f3953fba8aed7d4e240896
- SHA256: 8d599235c96bdb90cab54d06e9fd6265cb64ba755f3b0568de7cac39e6984f6a
- SHA512: 420921bf2c9c43f5c5062991f06ffb9e654da734f878795b43c9ca0a61a6c568b58253a269c10322865878a45bb29a3bea16d60e4a5918f310b368cc2f7d4e3a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext