General
- Target: buk.exe
- Size: 279KB
- Sample: 200714-2xp6xq8mrn
- MD5: 0adfa647a523f3ffd47fca65b3830012
- SHA1: ef3dc8671e76d34168b0ccdf8e9e6b4004cf9f8f
- SHA256: 4c5973bceb6055158baa38a15a42ee7d983d95d2bf81b89802e2947705feabae
- SHA512: d39e3dd4bd35b044d2833e914aae43e1af9b76e85095c054bbd8ab229acc606ee2d4646b3875eee04f97244ef076056bc190f1dff9761c578eca78952aee3ac3
Static task: static1
Behavioral task: behavioral1 (Sample: buk.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: buk.exe, Resource: win10v200430)
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.topbas-tr.com
- Port: 587
- Username: buking@topbas-tr.com
- Password: QdWRFxG1
Targets
- Target: buk.exe
- Size: 279KB
- MD5: 0adfa647a523f3ffd47fca65b3830012
- SHA1: ef3dc8671e76d34168b0ccdf8e9e6b4004cf9f8f
- SHA256: 4c5973bceb6055158baa38a15a42ee7d983d95d2bf81b89802e2947705feabae
- SHA512: d39e3dd4bd35b044d2833e914aae43e1af9b76e85095c054bbd8ab229acc606ee2d4646b3875eee04f97244ef076056bc190f1dff9761c578eca78952aee3ac3
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar.