General
Target: 76386854T.exe
Size: 635KB
Sample: 201109-26qgvt4njn
MD5: cf4ff8c3a102b4cb69270c3cf108d7c1
SHA1: 909097f8b1d74fa3f6f7558c54bbbf2c19d30d6c
SHA256: 9b3b617d547ad65afce792604f76255ab1341a7d04ed165046101b1879032ccc
SHA512: 5539b4ed0aca6c9cc1719c2e236464fdeac0b1a602739cbe11a73c78293b208c1da7d0200fac3831c84dbf09729b9d1d52948025b47cf16876c8e9ab91afe924
Static task: static1
Behavioral task: behavioral1
  Sample: 76386854T.exe
  Resource: win7v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.mail.ru
  Port: 587
  Username: workbox1996@mail.ru
  Password: 08140480968Julius
Targets
Target: 76386854T.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

Suspicious use of SetThreadContext