General
- Target: S_0004983002218_07_05_2020.exe
- Size: 538KB
- Sample: 201109-8t3b9yshwa
- MD5: e0bf3b5b7e427bf37687c7138fad0ed6
- SHA1: 06982a0b678a1fdba05516919dfe775865739778
- SHA256: 403ebe632490ce66b85d75f17ae996cfd0a89294e2c2cce1bcef66b5d4278a18
- SHA512: a5d891f820cb96dfdf3b2c990b5b244dad30235135d58d48d4ea10c06544e04cfc3c51141526394d23ce344bc9a11e9085d408febd000a2a490b165938a9274d
Behavioral task: behavioral1
- Sample: S_0004983002218_07_05_2020.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: S_0004983002218_07_05_2020.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.reacsa.com.mx
- Port: 587
- Username: sucursal_puebla@reacsa.com.mx
- Password: (MzImXmp2u)!
Targets
- Target: S_0004983002218_07_05_2020.exe
- Size: 538KB
- MD5: e0bf3b5b7e427bf37687c7138fad0ed6
- SHA1: 06982a0b678a1fdba05516919dfe775865739778
- SHA256: 403ebe632490ce66b85d75f17ae996cfd0a89294e2c2cce1bcef66b5d4278a18
- SHA512: a5d891f820cb96dfdf3b2c990b5b244dad30235135d58d48d4ea10c06544e04cfc3c51141526394d23ce344bc9a11e9085d408febd000a2a490b165938a9274d
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials among other data.
- Suspicious use of SetThreadContext