General

Target: YdvJnnnDX0FUKjI.exe
Size: 290KB
Sample: 200713-ftgfhp3qdj
MD5: 1795c0e7a5c67752a3e13c5a0f6ce9af
SHA1: 509635b13636a2b0dc5308270fbabfdfa4e0a020
SHA256: 6fae5955bfeac6e762f65fabedb2be2fdcd385347e6b9db19825096ee2ebd9a1
SHA512: ed7384717a3c6c63b53188b73a46c57058f4bd327c14fb11f23ae7e8c42cf7f63a7e0aef6914cc08301b4615d3f3d9d87c56037a37e4e57269e63703d53683d2
Static task: static1
Behavioral task: behavioral1
  Sample: YdvJnnnDX0FUKjI.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: YdvJnnnDX0FUKjI.exe
  Resource: win10v200430
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.arhigraf.ro
Port: 587
Username: [email protected]
Password: kH~2kU(;kEtR
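The extracted config is the most directly usable artifact on this page: the sample exfiltrates over SMTP submission (TCP 587) to mail.arhigraf.ro. The following is an added example, not part of the sandbox report, that turns that config into a small triage check over connection telemetry. The event records are constructed JSON lines resembling flow/EDR output; the field names and the mail-client allowlist are assumptions, and only the host and port come from the report.

```python
"""Flag network events that match the SMTP exfiltration config extracted above.

Added example for this report page, not part of the sandbox output. The event
records below are constructed to resemble flow/EDR telemetry (one JSON object
per line); the field names and the mail-client allowlist are assumptions.
"""
import json

# Indicators copied from the extracted AgentTesla config.
C2_HOST = "mail.arhigraf.ro"
C2_PORT = 587

# Assumption: processes that legitimately speak SMTP submission in this environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = """\
{"ts": "2020-07-13T10:01:02Z", "src": "10.0.0.5", "dst_host": "mail.arhigraf.ro", "dst_port": 587, "proc": "YdvJnnnDX0FUKjI.exe"}
{"ts": "2020-07-13T10:01:09Z", "src": "10.0.0.7", "dst_host": "smtp.office365.com", "dst_port": 587, "proc": "OUTLOOK.EXE"}
{"ts": "2020-07-13T10:02:31Z", "src": "10.0.0.5", "dst_host": "MAIL.ARHIGRAF.RO.", "dst_port": 443, "proc": "YdvJnnnDX0FUKjI.exe"}
{"ts": "2020-07-13T10:03:00Z", "src": "10.0.0.9", "dst_host": "smtp.gmail.com", "dst_port": 587, "proc": "svchost.exe"}
{"ts": "2020-07-13T10:04:15Z", "src": "10.0.0.9", "dst_host": "update.example.test", "dst_port": 80, "proc": "svchost.exe"}
"""


def classify(event):
    """Return (severity, reason) for one event, or None when nothing matches.

    high:   configured host and submission port together, i.e. the exfil
            channel exactly as extracted.
    medium: the C2 host on any other port (same infrastructure, other service).
    low:    SMTP submission (587) from a process that is not a known mail
            client, the generic shape of stealer-driven SMTP exfiltration.
    """
    host = event.get("dst_host", "").lower().rstrip(".")  # normalise case and trailing dot
    port = event.get("dst_port")
    proc = event.get("proc", "").lower()

    if host == C2_HOST and port == C2_PORT:
        return ("high", "matches extracted SMTP C2 host and port")
    if host == C2_HOST:
        return ("medium", "contact with extracted C2 host on port %s" % port)
    if port == C2_PORT and proc not in MAIL_CLIENTS:
        return ("low", "SMTP submission from non-mail-client process %s" % proc)
    return None


def scan(jsonl):
    """Classify every well-formed JSON line; return a list of (ts, proc, severity, reason)."""
    hits = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry rather than abort the whole scan
        verdict = classify(event)
        if verdict:
            hits.append((event.get("ts"), event.get("proc"), *verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("%s  %-22s %-6s %s" % hit)
```

The three tiers are deliberate: an exact host-and-port match is the sample's channel, the host alone still points at the same infrastructure, and port 587 from an arbitrary process is the behaviour that survives a change of mail server, which is how AgentTesla builds typically vary between campaigns.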
Targets

Target: YdvJnnnDX0FUKjI.exe
Size: 290KB
MD5: 1795c0e7a5c67752a3e13c5a0f6ce9af
SHA1: 509635b13636a2b0dc5308270fbabfdfa4e0a020
SHA256: 6fae5955bfeac6e762f65fabedb2be2fdcd385347e6b9db19825096ee2ebd9a1
SHA512: ed7384717a3c6c63b53188b73a46c57058f4bd327c14fb11f23ae7e8c42cf7f63a7e0aef6914cc08301b4615d3f3d9d87c56037a37e4e57269e63703d53683d2
Score: 10/10

AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), written in Visual Basic .NET. This sample reports stolen data over SMTP using the credentials in the extracted config above.

- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: this API is commonly used to redirect a suspended thread into injected code (process hollowing or thread hijacking).
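The FTP-client signature is worth making concrete, because it explains why a stealer bothers with these files. FileZilla keeps saved site passwords in sitemanager.xml (and recently used ones in recentservers.xml) as base64 text, not encrypted, so anything that can read the file can recover them. The following is an added example, not code from the sandbox, from FileZilla or from the malware: it parses a constructed sitemanager.xml in FileZilla 3's layout and lists which entries carry a recoverable password, which is also a useful audit of your own workstations. The default path under %APPDATA% is an assumption about a standard Windows install.

```python
"""Enumerate saved credentials in FileZilla's sitemanager.xml / recentservers.xml.

Added example for this report page, not FileZilla's or the malware's code. It
shows what an infostealer reading these files gets: saved passwords are stored
base64-encoded, not encrypted. The XML below is constructed test data; the
default path is an assumption about a standard Windows install.
"""
import base64
import os
import xml.etree.ElementTree as ET

# Assumption: default Windows location (recentservers.xml sits in the same folder).
DEFAULT_PATH = os.path.join(os.environ.get("APPDATA", ""), "FileZilla", "sitemanager.xml")

# Constructed sitemanager.xml in FileZilla 3's layout, not a real user's file.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.49.1" platform="windows">
    <Servers>
        <Server>
            <Host>ftp.example.test</Host>
            <Port>21</Port>
            <Protocol>0</Protocol>
            <User>alice</User>
            <Pass encoding="base64">cGFzc3dvcmQx</Pass>
            <Logontype>1</Logontype>
            <Name>Corp FTP</Name>
        </Server>
        <Server>
            <Host>sftp.example.test</Host>
            <Port>22</Port>
            <Protocol>1</Protocol>
            <User>bob</User>
            <Logontype>2</Logontype>
            <Name>Ask for password</Name>
        </Server>
    </Servers>
</FileZilla3>
"""


def decode_pass(pass_elem):
    """Decode a <Pass> element.

    Current FileZilla writes encoding="base64"; older profiles stored the plain
    string with no encoding attribute. Returns None when no password is stored
    or the stored value is corrupt.
    """
    if pass_elem is None or pass_elem.text is None:
        return None
    if pass_elem.get("encoding") == "base64":
        try:
            return base64.b64decode(pass_elem.text, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None  # corrupt entry: still report the site, just no password
    return pass_elem.text


def saved_credentials(xml_text):
    """Return one dict per <Server> entry with host, port, user and decoded password.

    Entries whose Logontype is not 1 (normal) carry no <Pass> element, so the
    password is None for them; that is exactly the case a stealer gains nothing from.
    """
    root = ET.fromstring(xml_text)  # trusted local config, stdlib parser is fine here
    entries = []
    for server in root.iter("Server"):
        entries.append({
            "name": server.findtext("Name"),
            "host": server.findtext("Host"),
            "port": int(server.findtext("Port", default="0")),
            "user": server.findtext("User"),
            "password": decode_pass(server.find("Pass")),
        })
    return entries


def load_from_disk(path=DEFAULT_PATH):
    """Parse the real file if present; returns [] when FileZilla is not installed."""
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8") as fh:
        return saved_credentials(fh.read())


if __name__ == "__main__":
    for entry in saved_credentials(SAMPLE_XML):
        state = "saved password" if entry["password"] else "no stored password"
        print("%(host)s:%(port)d user=%(user)s" % entry, "->", state)
```

Running it against the constructed file shows one entry with a recoverable password and one without; pointed at a real %APPDATA%\FileZilla\sitemanager.xml it tells you which saved sites would have been exposed by this sample. The mitigation FileZilla offers is a master password, which replaces the base64 <Pass> with an encrypted form this parser will correctly report as unrecoverable.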