General
-
Target
PRODUCTS ON DEMAND AND 3D DRAWING.pif.exe
-
Size
613KB
-
Sample
201109-ldh3jqrqse
-
MD5
ca09aa667e4c36ba5b182ab8c0548882
-
SHA1
64d92a31f0bc67565d22220ece3b8ab5a81d17d8
-
SHA256
912773eb914dcc982732f98b82b37c8dd39700fdc52fe054656f30d0df7b9157
-
SHA512
5b183abe5dc8f003b5124ae43f6ebd879301146f4c93d42163f5b414a46ba20ce25ca2fe6b2eca416597f2491e66f3f7699fed338f626a3fb571c1bdd7697513
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
donkraus6@yandex.com - Password:
Chinedu2@
Targets
-
-
Target
PRODUCTS ON DEMAND AND 3D DRAWING.pif.exe
-
Size
613KB
-
MD5
ca09aa667e4c36ba5b182ab8c0548882
-
SHA1
64d92a31f0bc67565d22220ece3b8ab5a81d17d8
-
SHA256
912773eb914dcc982732f98b82b37c8dd39700fdc52fe054656f30d0df7b9157
-
SHA512
5b183abe5dc8f003b5124ae43f6ebd879301146f4c93d42163f5b414a46ba20ce25ca2fe6b2eca416597f2491e66f3f7699fed338f626a3fb571c1bdd7697513
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
rezer0
Detects ReZer0, a packer with multiple versions used in various campaigns.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-