General
-
Target
Verificar factura.exe
-
Size
504KB
-
Sample
201109-19l9n1k6l2
-
MD5
dd8452cb6e6315402b2722e5fd708969
-
SHA1
3f47d8d004cbab128c3646601f26e4811a67baa2
-
SHA256
1da05fe88d18a76878ea1f0822a997b2df3641e6abceae2f7dc59fe4e4995702
-
SHA512
9165b80107d3f843ccc575dbcec5629794112fe19b706a364f9e73da674ddce20bf1101cc84c447f060acbf5be56b5fca8a59e0f351b52720dc5a83f5dc52286
Static task
static1
Behavioral task
behavioral1
Sample
Verificar factura.exe
Resource
win7v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.ionos.mx - Port:
587 - Username:
lety@solar-pro.mx - Password:
lp475869
Extracted
Protocol: smtp- Host:
smtp.ionos.mx - Port:
587 - Username:
lety@solar-pro.mx - Password:
lp475869
Targets
-
-
Target
Verificar factura.exe
-
Size
504KB
-
MD5
dd8452cb6e6315402b2722e5fd708969
-
SHA1
3f47d8d004cbab128c3646601f26e4811a67baa2
-
SHA256
1da05fe88d18a76878ea1f0822a997b2df3641e6abceae2f7dc59fe4e4995702
-
SHA512
9165b80107d3f843ccc575dbcec5629794112fe19b706a364f9e73da674ddce20bf1101cc84c447f060acbf5be56b5fca8a59e0f351b52720dc5a83f5dc52286
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-