General
Target: 0e9be54545aa62838e709492e063ca6e.exe
Size: 527KB
Sample: 201109-87rjh7d5k6
MD5: 0e9be54545aa62838e709492e063ca6e
SHA1: f2621b34392bce12dd3afcef46920349ac0f0262
SHA256: 006449caaa797b90e1c58ff7a1a767a937e220b45f98cb9f55a0227a2a1d7f08
SHA512: 4ac8db9010c1620770998287f0e0b159570d50e356c5d26fc701cfdc52d3cf5a27149d77b3da07b9be91107d29795bfef2bd746026b704f5118439ca8802a48f
Behavioral task: behavioral1
Sample: 0e9be54545aa62838e709492e063ca6e.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 0e9be54545aa62838e709492e063ca6e.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.ssaironline.com
Port: 587
Username: exportami@ssaironline.com
Password: 22Nov@2018#$%
Extracted
Protocol: smtp
Host: webmail.ssaironline.com
Port: 587
Username: exportami@ssaironline.com
Password: 22Nov@2018#$%
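The extracted configuration above is the sample's exfiltration channel: Agent Tesla mails harvested credentials to an attacker-controlled mailbox over SMTP submission (port 587), so the host, port and account are the indicators worth hunting for, and the mailbox credentials are what to hand to the provider for takedown. The Python below is an added example and not part of the report: it parses the two "Extracted" blocks in the run-together form the report renders them in, deduplicates them into one endpoint, and then checks constructed Sysmon Event ID 3 style network-connection records (made up here, not taken from the report) both against the extracted endpoint and against the generic rule "SMTP port from a process that is not a mail client". The record field names and the mail-client allow-list are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed input: the two "Extracted" blocks copied as the report renders
# them, including the run-together "Protocol: smtp- Host:" line breaks.
RAW_CONFIG = """Extracted
agenttesla
Protocol: smtp- Host:
webmail.ssaironline.com - Port:
587 - Username:
exportami@ssaironline.com - Password:
22Nov@2018#$%
Extracted
Protocol: smtp- Host:
webmail.ssaironline.com - Port:
587 - Username:
exportami@ssaironline.com - Password:
22Nov@2018#$%
"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_block(block: str) -> ExfilConfig:
    """Parse one Extracted block. A value runs up to the next 'Key:' label, so a
    password containing spaces or '-' survives; only the ' -' separator that the
    report puts between fields is stripped."""
    flat = " ".join(line.strip() for line in block.splitlines() if line.strip())
    labels = []
    for key in KEYS:
        m = re.search(rf"\b{key}:", flat)
        if m is None:
            raise ValueError(f"field {key} missing from config block")
        labels.append((m.start(), m.end(), key))
    labels.sort()
    values = {}
    for i, (_, end, key) in enumerate(labels):
        last = i + 1 == len(labels)
        stop = len(flat) if last else labels[i + 1][0]
        raw = flat[end:stop].strip()
        if not last:
            raw = re.sub(r"\s*-$", "", raw)  # drop the inter-field " -" separator
        values[key] = raw
    return ExfilConfig(values["Protocol"], values["Host"], int(values["Port"]),
                       values["Username"], values["Password"])


def parse_report(text: str) -> list[tuple[str | None, ExfilConfig]]:
    """Split on 'Extracted' headers; an optional family line (no ':') precedes the fields."""
    out = []
    for block in re.split(r"^Extracted\s*$", text, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        family = lines[0] if ":" not in lines[0] else None
        out.append((family, parse_block("\n".join(lines))))
    return out


# Constructed Sysmon Event ID 3 style records (assumed layout, not from the report).
NET_EVENTS = [
    {"image": r"C:\Users\victim\AppData\Local\Temp\0e9be54545aa62838e709492e063ca6e.exe",
     "dst_host": "webmail.ssaironline.com", "dst_port": 587},
    {"image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "dst_host": "smtp.example.org", "dst_port": 587},
    {"image": r"C:\Users\victim\Documents\invoice.exe",
     "dst_host": "mail.example.net", "dst_port": 465},
    {"image": r"C:\Windows\System32\svchost.exe",
     "dst_host": "update.microsoft.com", "dst_port": 443},
]

MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list for SMTP
SMTP_PORTS = {25, 465, 587}


def flag_exfil(events, configs):
    """Return (process, host, port, reason) for connections that hit an extracted
    SMTP endpoint, or that speak SMTP from a process that is not a mail client."""
    endpoints = {(c.host.lower(), c.port) for c in configs if c.protocol == "smtp"}
    hits = []
    for ev in events:
        proc = ev["image"].rsplit("\\", 1)[-1].lower()
        key = (ev["dst_host"].lower(), ev["dst_port"])
        if key in endpoints:
            hits.append((proc, ev["dst_host"], ev["dst_port"], "extracted-config-match"))
        elif ev["dst_port"] in SMTP_PORTS and proc not in MAIL_CLIENTS:
            hits.append((proc, ev["dst_host"], ev["dst_port"], "smtp-from-non-mail-client"))
    return hits


if __name__ == "__main__":
    configs = parse_report(RAW_CONFIG)
    unique = {cfg for _, cfg in configs}
    print(f"{len(configs)} extracted blocks, {len(unique)} unique endpoint(s)")
    for hit in flag_exfil(NET_EVENTS, list(unique)):
        print(hit)
```

The second rule is the one that keeps paying off after the attacker rotates mailboxes: an unsigned binary in a user-writable directory opening port 25, 465 or 587 is rare on a workstation, whereas the extracted host and account will change from build to build.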
Targets
Target: 0e9be54545aa62838e709492e063ca6e.exe
Size: 527KB
MD5: 0e9be54545aa62838e709492e063ca6e
SHA1: f2621b34392bce12dd3afcef46920349ac0f0262
SHA256: 006449caaa797b90e1c58ff7a1a767a937e220b45f98cb9f55a0227a2a1d7f08
SHA512: 4ac8db9010c1620770998287f0e0b159570d50e356c5d26fc701cfdc52d3cf5a27149d77b3da07b9be91107d29795bfef2bd746026b704f5118439ca8802a48f
Score: 10/10
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and sends the results to an attacker-controlled mailbox or server; the SMTP configuration extracted above is its exfiltration channel for this sample.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla, which keep saved site credentials on disk.
- Reads user/profile data of local email clients
  Email clients store account settings and saved passwords on disk, where infostealers routinely target them.
- Reads user/profile data of web browsers
  Infostealers target stored browser data, which can include saved credentials, cookies and autofill entries.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is the step that RunPE-style loaders and process hollowing use to redirect execution into an injected payload; ordinary applications almost never call it, so treat it as an injection indicator even though the report lists no further injection details.
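The three "Reads ..." signatures are the harvesting step that precedes the SMTP exfiltration: one process opening the FTP, mail and browser credential stores in turn is the stealer pattern, and none of the legitimate owners of those files needs to read the others'. The Python below is an added example, not code from the report or the malware: it maps well-known on-disk credential-store paths (FileZilla, Thunderbird, Chrome and Firefox) to a category, walks constructed Sysmon Event ID 11/file-access style records (made up for the example), drops reads by each store's own application, and reports any process that touches two or more categories. The record layout and owner allow-list are assumptions; the store paths are the standard per-user locations.

```python
from __future__ import annotations

import fnmatch
import ntpath

# Standard per-user credential stores that Agent Tesla-class stealers read.
# Globs are matched case-insensitively against the full path; %APPDATA% and
# %LOCALAPPDATA% are written out as the profile paths they expand to.
CREDENTIAL_STORES = {
    "ftp-client": [
        r"*\AppData\Roaming\FileZilla\sitemanager.xml",
        r"*\AppData\Roaming\FileZilla\recentservers.xml",
        r"*\AppData\Roaming\FileZilla\filezilla.xml",
    ],
    "email-client": [
        r"*\AppData\Roaming\Thunderbird\Profiles\*\logins.json",
        r"*\AppData\Roaming\Thunderbird\Profiles\*\key4.db",
    ],
    "web-browser": [
        r"*\AppData\Local\Google\Chrome\User Data\*\Login Data",
        r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json",
        r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\key4.db",
    ],
}

# Applications expected to open each store (assumed allow-list).
OWNERS = {
    "ftp-client": {"filezilla.exe"},
    "email-client": {"thunderbird.exe"},
    "web-browser": {"chrome.exe", "firefox.exe"},
}

# Constructed file-access records (assumed layout, not from the report).
FILE_EVENTS = [
    {"image": r"C:\Users\victim\AppData\Local\Temp\0e9be54545aa62838e709492e063ca6e.exe",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"image": r"C:\Users\victim\AppData\Local\Temp\0e9be54545aa62838e709492e063ca6e.exe",
     "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"image": r"C:\Users\victim\AppData\Local\Temp\0e9be54545aa62838e709492e063ca6e.exe",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "target": r"C:\Users\victim\Documents\notes.txt"},
]


def classify(path: str) -> str | None:
    """Return the credential-store category a path belongs to, or None."""
    p = path.lower()
    for category, patterns in CREDENTIAL_STORES.items():
        # fnmatchcase: '*' also spans backslashes, which is what we want for Profiles\<id>\
        if any(fnmatch.fnmatchcase(p, pat.lower()) for pat in patterns):
            return category
    return None


def flag_credential_access(events):
    """(process, category, path) for every read of a store by a non-owner process."""
    hits = []
    for ev in events:
        category = classify(ev["target"])
        if category is None:
            continue
        proc = ntpath.basename(ev["image"]).lower()  # ntpath handles Windows paths on any OS
        if proc in OWNERS[category]:
            continue
        hits.append((proc, category, ev["target"]))
    return hits


def summarize(hits):
    """Processes that touched two or more store categories: the stealer pattern."""
    by_proc: dict[str, set[str]] = {}
    for proc, category, _ in hits:
        by_proc.setdefault(proc, set()).add(category)
    return {proc: sorted(cats) for proc, cats in by_proc.items() if len(cats) >= 2}


if __name__ == "__main__":
    found = flag_credential_access(FILE_EVENTS)
    for hit in found:
        print(hit)
    print(summarize(found))
```

Single reads by a non-owner (a backup agent touching one store, say) are noisy on their own; the two-category summary is what a responder would alert on, and it fires here only for the sample binary.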