General
-
Target
New Request.exe
-
Size
553KB
-
Sample
201109-m8w4radtjj
-
MD5
abf16f4f5482738b53393f835dd6b9f9
-
SHA1
989529e1969a6b971a632a176862d5291fc5e2a1
-
SHA256
0b6118c17d89a24512971b9190cf4e76b54e0f02cb06d23d899a17feb9fc64f3
-
SHA512
e8dca4d90155c920b11cb2ebf44f65b93374b532a1c5f757937676939f68f254234318aa057b67ae32fdeae31f334f99218c2cb51fed27d3d1bf490317e42e04
Behavioral task
behavioral1
Sample
New Request.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
New Request.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
dmkozlovd@yandex.ru - Password:
Starboy@22
Targets
-
-
Target
New Request.exe
-
Size
553KB
-
MD5
abf16f4f5482738b53393f835dd6b9f9
-
SHA1
989529e1969a6b971a632a176862d5291fc5e2a1
-
SHA256
0b6118c17d89a24512971b9190cf4e76b54e0f02cb06d23d899a17feb9fc64f3
-
SHA512
e8dca4d90155c920b11cb2ebf44f65b93374b532a1c5f757937676939f68f254234318aa057b67ae32fdeae31f334f99218c2cb51fed27d3d1bf490317e42e04
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-