General
- Target: 914e8a972323d13655a858dbeef68ecb.exe
- Size: 398KB
- Sample: 201109-723hdtqc66
- MD5: 914e8a972323d13655a858dbeef68ecb
- SHA1: e4acf88e66d758a2d1af678f56a1f4845acc2dbc
- SHA256: 94538948c885f55d6120782322773ad9a34d7c9c318938c850ac6d55bdd3ad52
- SHA512: e810b4850a4053037ce49b00a9b1038696c02e87443b014c21a6c10256cda78c540bc16502ea951239ab7e347fc16421e1fa51e8a8f00945ddcd1390537e81b2
Static task: static1
Behavioral task: behavioral1
- Sample: 914e8a972323d13655a858dbeef68ecb.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 914e8a972323d13655a858dbeef68ecb.exe
- Resource: win10v20201028
Malware Config
Targets
- Target: 914e8a972323d13655a858dbeef68ecb.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.