General
- Target: 7ec490cadb46d941cf22039f839e5688.exe
- Size: 476KB
- Sample: 201109-dkbktstz16
- MD5: 7ec490cadb46d941cf22039f839e5688
- SHA1: fe05ea713895882c0f80045e6b5eb3db15f97d12
- SHA256: 71502c5ab4ccd1d224efd3ca833f145086a50805c7ca1f7cb48d9ea2f96ffd18
- SHA512: be9e01965465225605f77312d5ec7085dc8418b680db3272a226a3dec2b902f188748039edc179dc5254bdaba9a7c101bd48b4fff926e50dd909bc28fbab20c7
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: 7ec490cadb46d941cf22039f839e5688.exe, Resource: win7v20201028)
- Behavioral task: behavioral2 (Sample: 7ec490cadb46d941cf22039f839e5688.exe, Resource: win10v20201028)
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: smtp.ecojett.co
- Port: 587
- Username: ikeji@ecojett.co
- Password: HZnUICj1
Targets
- Target: 7ec490cadb46d941cf22039f839e5688.exe
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: a .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, which infostealers often target.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Suspicious use of SetThreadContext