General
Target: Scan Photos of products and artwork.img.exe
Size: 552KB
Sample: 200716-epn9jm1spj
MD5: 468b7ce77fc3beed814fae4520edf901
SHA1: 97675936f4cf69a0f0d5af641fcdc59319d47f19
SHA256: 5304693d6029d4d724fbf463b0850f718f978c96f2851769c6e5d83c6995c41f
SHA512: 188811256f22f3f2253abcbfc0e95f5a3320af581828887567e19b1716531e4ac5cacd401d763cdaa13fa91c56ce193829b6665b35a212be90aab6f979696c68
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: Scan Photos of products and artwork.img.exe; Resource: win7v200430)
Behavioral task: behavioral2 (Sample: Scan Photos of products and artwork.img.exe; Resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: bh-58.webhostbox.net
Port: 587
Username: [email protected]
Password: 7213575aceACE@#$
Targets
Target: Scan Photos of products and artwork.img.exe (552KB; same file and hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Suspicious use of SetThreadContext