General
Target: Invoice 20200407.exe
Size: 522KB
Sample: 201109-ej1sjdyl8j
MD5: ae4e6d5d77d778c2f3b7ddcd7ca8b572
SHA1: fc61df4c2c91fc0985d6efd8ead3210f5936e7b3
SHA256: caaa4cc129eafbe57a597050e290a56fc724309017bb28276e53f2f1496bf1db
SHA512: 1ff059cfdcef81282ed7d2bea2aa7815f0aacc2096b30df3e654041acc8a4f299e0e32b1ba5d18a3e45e6bbf69601065c1f5e162cde63cc34ae664d2f7fc58cf
Behavioral task: behavioral1
Sample: Invoice 20200407.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Invoice 20200407.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: result.package@yandex.ru
Password: Blessing123
Targets
Target: Invoice 20200407.exe
Size: 522KB
MD5: ae4e6d5d77d778c2f3b7ddcd7ca8b572
SHA1: fc61df4c2c91fc0985d6efd8ead3210f5936e7b3
SHA256: caaa4cc129eafbe57a597050e290a56fc724309017bb28276e53f2f1496bf1db
SHA512: 1ff059cfdcef81282ed7d2bea2aa7815f0aacc2096b30df3e654041acc8a4f299e0e32b1ba5d18a3e45e6bbf69601065c1f5e162cde63cc34ae664d2f7fc58cf
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures:
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext