General
- Target: 5aa6dbe2ea7acf2d2d09c9a7aa95c74d.exe
- Size: 642KB
- Sample: 201109-fwv7fjde4j
- MD5: 5aa6dbe2ea7acf2d2d09c9a7aa95c74d
- SHA1: 400a222a2061648f048c256ba19c0a5f4978b8ea
- SHA256: 3e126eedc02526ba804d9351d6d9b1a6da2114510f98b4235662ab6fdb024bbf
- SHA512: 6c3ea0957d50e4f39177fe9098c997587bf2b1d1886e2c2168e2e663505d63b9cb61162c7bb2ebe2ae42a09aff75857001eb22ae46231174db8f34515674e957
Static task: static1
Behavioral task: behavioral1
- Sample: 5aa6dbe2ea7acf2d2d09c9a7aa95c74d.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 5aa6dbe2ea7acf2d2d09c9a7aa95c74d.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: emiliobianchi@yandex.com
- Password: hardwork17
Targets
- Target: 5aa6dbe2ea7acf2d2d09c9a7aa95c74d.exe (642KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer
  A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext