General

Target: efs-specialist.exe
Size: 805KB
Sample: 201109-1pfhrflk4j
MD5: 50896ee9b39f1c74ae35f9bc5fc148a5
SHA1: 9d0cfe696a1b2824ef25f090287a1f878e4f0ad5
SHA256: 691ab1a1edb0f11965ffa5e03ffbe3c6e20f89dcfca383da602bc83fc8099af4
SHA512: 4bde74486b748063d3885d79c95d1857cb222bfe956a50ded420e9cb55498340664183bc4e865a89810ad87e3efd98a173e5c02be2a9949d8c629a55b0adc769
Static task: static1
Behavioral task: behavioral1
Sample: efs-specialist.exe
Resource: win7v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: business43.web-hosting.com
Port: 587
Username: info@codedtunesrecords.tk
Password: P04042017
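The extracted config is the exfiltration channel: the sample authenticates to the operator's mailbox over SMTP submission (port 587) and mails the harvested credentials to it. The following is an added example, not part of the sandbox report, that turns those fields into detection indicators and matches them against outbound-mail and DNS records. The indicator values are the ones the report extracted; the log layout, timestamps, source IPs and relay names are constructed for the example.

```python
"""Added example, not part of the sandbox report: turn the extracted AgentTesla
SMTP config into detection indicators and match them against outbound-mail and
DNS records. Indicator values are the ones the report extracted; the log lines,
field layout and IP addresses below are constructed for the example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators from the extracted config. The password is deliberately not used as
# an indicator: it never appears in network telemetry and should not be copied around.
EXFIL_HOST = "business43.web-hosting.com"
EXFIL_PORT = 587
EXFIL_USER = "info@codedtunesrecords.tk"
EXFIL_DOMAIN = EXFIL_USER.split("@", 1)[1]   # codedtunesrecords.tk


@dataclass(frozen=True)
class SmtpSession:
    ts: str
    src_ip: str
    dst_host: str
    dst_port: int
    auth_user: Optional[str]   # SMTP AUTH identity, None if the session did not authenticate
    mail_from: Optional[str]   # MAIL FROM address, None if no message was sent


def parse_smtp_line(line: str) -> SmtpSession:
    """Parse one tab-separated gateway record (constructed layout):
    ts  src_ip  dst_host  dst_port  auth_user  mail_from, with '-' for an absent value."""
    ts, src, host, port, user, mfrom = line.rstrip("\n").split("\t")

    def none_if_dash(v: str) -> Optional[str]:
        return None if v == "-" else v

    return SmtpSession(ts, src, host, int(port), none_if_dash(user), none_if_dash(mfrom))


def smtp_session_hits(s: SmtpSession) -> List[str]:
    """Names of the indicators one outbound SMTP session matches, strongest first."""
    hits = []
    if s.dst_host.lower() == EXFIL_HOST:
        hits.append("c2_host")
    # The hardcoded mailbox is the more durable indicator: the operator can point the
    # mailbox at a new SMTP relay without rebuilding the implant, and a session that
    # authenticates as this account from inside the network is never legitimate.
    if s.auth_user and s.auth_user.lower() == EXFIL_USER:
        hits.append("c2_account")
    for addr in (s.auth_user, s.mail_from):
        if addr and addr.lower().rsplit("@", 1)[-1] == EXFIL_DOMAIN:
            hits.append("c2_domain")
            break
    return hits


def dns_is_c2(qname: str) -> bool:
    """Exact host, or the actor's own domain and its subdomains. The parent
    web-hosting.com is a shared hosting domain serving unrelated customers, so it is
    deliberately not matched: block the host, not the provider."""
    q = qname.lower().rstrip(".")
    return q == EXFIL_HOST or q == EXFIL_DOMAIN or q.endswith("." + EXFIL_DOMAIN)


def scan_smtp_log(lines) -> List[Tuple[str, str, List[str]]]:
    """(ts, src_ip, hits) for every session that matches at least one indicator."""
    out = []
    for line in lines:
        if not line.strip():
            continue
        s = parse_smtp_line(line)
        hits = smtp_session_hits(s)
        if hits:
            out.append((s.ts, s.src_ip, hits))
    return out


# Constructed gateway records: a direct exfil session, the same mailbox used via a
# different relay, and two benign sessions.
SAMPLE_SMTP_LOG = [
    "2020-11-09T14:02:11Z\t10.0.0.23\tbusiness43.web-hosting.com\t587\tinfo@codedtunesrecords.tk\tinfo@codedtunesrecords.tk",
    "2020-11-09T14:05:40Z\t10.0.0.41\tmail.example-relay.net\t587\tinfo@codedtunesrecords.tk\tinfo@codedtunesrecords.tk",
    "2020-11-09T14:06:02Z\t10.0.0.12\tsmtp.office365.com\t587\talice@corp.example\talice@corp.example",
    "2020-11-09T14:07:15Z\t10.0.0.12\tsmtp.corp.example\t25\t-\tbob@corp.example",
]

if __name__ == "__main__":
    for ts, src, hits in scan_smtp_log(SAMPLE_SMTP_LOG):
        print(ts, src, ",".join(hits))
```

Two caveats when applying this. The sample talks to the relay directly, so an organisation's own mail gateway logs will not see the session unless endpoints are forced through it; the matching here assumes proxy, firewall or EDR telemetry that records the destination host and, where STARTTLS is not yet negotiated, the AUTH identity. And because the relay is shared hosting, the account indicator outlives the host indicator: once the mailbox is reported and closed, the operator typically rebuilds with a new one, so treat the account and domain as the longer-lived signals.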
Targets

Target: efs-specialist.exe (805KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla

Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, which store saved server entries and credentials on disk.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.

Suspicious use of SetThreadContext
Setting another thread's context is a common step in process-hollowing (RunPE-style) injection, where the entry point of a suspended process is redirected to an injected payload.
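The three "Reads ... data" signatures describe one behaviour: a single process opening the credential stores of several unrelated applications. The following is an added example, not part of the sandbox report, that flags that pattern in file-read telemetry. Store paths and owning process names are the well-known defaults for FileZilla, Thunderbird, Chrome and Firefox; the event records, PIDs and the location of efs-specialist.exe are constructed for the example.

```python
"""Added example, not from the sandbox report: flag processes that read the
credential stores of several unrelated applications, the behaviour behind the
three "Reads ... data" signatures. Store paths and owner images are the usual
defaults; the event records below are constructed."""
import fnmatch
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# category -> (images allowed to read the store, lower-case path globs).
# The telemetry source is assumed to emit full, environment-expanded paths.
CREDENTIAL_STORES = {
    "ftp_client": (
        {"filezilla.exe"},
        [r"*\appdata\roaming\filezilla\recentservers.xml",
         r"*\appdata\roaming\filezilla\sitemanager.xml"],
    ),
    "email_client": (
        {"thunderbird.exe"},
        [r"*\appdata\roaming\thunderbird\profiles\*\logins.json",
         r"*\appdata\roaming\thunderbird\profiles\*\key4.db"],
    ),
    "browser": (
        {"chrome.exe", "firefox.exe"},
        [r"*\appdata\local\google\chrome\user data\*\login data",
         r"*\appdata\roaming\mozilla\firefox\profiles\*\logins.json"],
    ),
}


@dataclass(frozen=True)
class FileReadEvent:
    pid: int
    image: str   # full path of the process doing the read
    path: str    # file that was opened for read


def classify(event: FileReadEvent) -> Optional[str]:
    """Return the credential-store category the path belongs to, or None."""
    p = event.path.lower()
    for cat, (_owners, globs) in CREDENTIAL_STORES.items():
        if any(fnmatch.fnmatchcase(p, g) for g in globs):
            return cat
    return None


def image_name(image_path: str) -> str:
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_harvesters(events: Iterable[FileReadEvent],
                    min_categories: int = 2) -> Dict[Tuple[int, str], List[str]]:
    """{(pid, image): sorted categories} for processes that read stores they do
    not own in at least min_categories distinct categories. A browser reading its
    own Login Data is expected; anything else reading it is recorded."""
    touched = defaultdict(set)
    for ev in events:
        cat = classify(ev)
        if cat is None:
            continue
        if image_name(ev.image) in CREDENTIAL_STORES[cat][0]:
            continue
        touched[(ev.pid, image_name(ev.image))].add(cat)
    return {k: sorted(v) for k, v in touched.items() if len(v) >= min_categories}


# Constructed telemetry: the sample touching all three store types, Chrome reading
# its own store, and an unrelated read.
SAMPLE_EVENTS = [
    FileReadEvent(4120, r"C:\Users\victim\AppData\Roaming\efs-specialist.exe",
                  r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    FileReadEvent(4120, r"C:\Users\victim\AppData\Roaming\efs-specialist.exe",
                  r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json"),
    FileReadEvent(4120, r"C:\Users\victim\AppData\Roaming\efs-specialist.exe",
                  r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileReadEvent(2210, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
                  r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    FileReadEvent(3333, r"C:\Windows\System32\SearchIndexer.exe",
                  r"C:\Users\victim\Documents\notes.txt"),
]

if __name__ == "__main__":
    for (pid, image), cats in find_harvesters(SAMPLE_EVENTS).items():
        print(f"pid {pid} {image}: read {', '.join(cats)} credential stores")
```

Requiring two or more categories is what keeps this rule quiet: backup agents and indexers read individual stores all the time, but almost nothing legitimate opens an FTP client's server list, a mail profile's logins.json and a browser's Login Data in one process. If process hollowing has moved the payload into a legitimate host, the reading image will be that host rather than the dropped file, so the rule should be fed the image of the process that actually performs the read, not the parent.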