General
-
Target
ITEM DETAILS.Tianzhu.exe
-
Size
513KB
-
Sample
201109-pw94bpl35a
-
MD5
9c4f3f542fde993ae0e0571456356dc4
-
SHA1
78c600279ce2819abeddc7020cadce67b36394da
-
SHA256
590bd4f24a79d69139ca6b32de3e1b88029eed2ab6444a9975826e04361f3ebb
-
SHA512
a08ee02827c5843462c46a4bdeb348ac2c85e2d7981a364e7b600c6fb3f4af4620fc53ee228e74a0ce1c7a7fd3aea8c4331739adccb2fe0435f1f932bbb9a1ec
Static task
static1
Behavioral task
behavioral1
Sample
ITEM DETAILS.Tianzhu.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
ITEM DETAILS.Tianzhu.exe
Resource
win10v20201028
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
solomon12345$$$1
Targets
-
-
Target
ITEM DETAILS.Tianzhu.exe
-
Size
513KB
-
MD5
9c4f3f542fde993ae0e0571456356dc4
-
SHA1
78c600279ce2819abeddc7020cadce67b36394da
-
SHA256
590bd4f24a79d69139ca6b32de3e1b88029eed2ab6444a9975826e04361f3ebb
-
SHA512
a08ee02827c5843462c46a4bdeb348ac2c85e2d7981a364e7b600c6fb3f4af4620fc53ee228e74a0ce1c7a7fd3aea8c4331739adccb2fe0435f1f932bbb9a1ec
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-