General
Target: scan copy.exe
Size: 479KB
Sample: 200731-hl1pd383pa
MD5: 439bff3720a10a5edec44dadfd4e53d7
SHA1: 6d1b8ec46da61b2d690f15169e85deec829d45c3
SHA256: e71c74d33683e14022e6d0f0e7a14efcf744c7d4aec03216934dbf17eba9eacb
SHA512: 034b8e8f0c0b7ce7e7efdc05e897fe42aef3105ed05e430c8a6a9ea5f92eacc26211ce882ac158966f0d06f052f61f2ff25c4edd5a61fdedcc17bdc00c3ea2f4

Static task: static1

Behavioral task: behavioral1
Sample: scan copy.exe
Resource: win7

Behavioral task: behavioral2
Sample: scan copy.exe
Resource: win10v200722

Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: ogb.oils@yandex.com
Password: Simple262627
Targets
Target: scan copy.exe
Score: 10/10
Detected family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext