General
Target: Quotations pictures and desisgns.jpg.exe
Size: 525KB
Sample: 201109-p6gw5ydm5e
MD5: 9b9c7215b4e1d0a7a7f8f8bd9230c08a
SHA1: 34036cd7ceb8a49bfcd696f289f45b3d4d63e4a1
SHA256: 3b272d130c1f4efa53d4c300ab9421f1ffa00c2983c5c0e2ce000f278db78269
SHA512: c8b873c73dd3947331272836efe26b16f84f0383c5a89ce65428a107994c4c3238aa3559000361f0718a9d15230eaadfa9a14242a3d47faad516dda07275b768
Static task: static1
Behavioral task: behavioral1
  Sample: Quotations pictures and desisgns.jpg.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Quotations pictures and desisgns.jpg.exe
  Resource: win10v20201028
Malware Config
Targets
Target: Quotations pictures and desisgns.jpg.exe
Size: 525KB
MD5: 9b9c7215b4e1d0a7a7f8f8bd9230c08a
SHA1: 34036cd7ceb8a49bfcd696f289f45b3d4d63e4a1
SHA256: 3b272d130c1f4efa53d4c300ab9421f1ffa00c2983c5c0e2ce000f278db78269
SHA512: c8b873c73dd3947331272836efe26b16f84f0383c5a89ce65428a107994c4c3238aa3559000361f0718a9d15230eaadfa9a14242a3d47faad516dda07275b768
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk, which infostealers often target.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar secrets.