General

Target: Scan00023_xls.exe
Size: 452KB
Sample: 201109-ynws4pw87s
MD5: b3bacaabfb529613024a384bb9f00314
SHA1: c76cac7eae822a93159b54ba57454a318183595f
SHA256: e7c32ca85ac18ca98fd62854a59f4751868efa0d1d40d4757b1388899a0c7eae
SHA512: 2b6b9e84a302f043573ef1393fb1e6411b96518d0708ee768b18a024f6412e264fc990f38b6947a5b02c92ed11e39a72f2983ce077f1ca9c733f0a5f4c05aa55
Static task: static1
Behavioral task: behavioral1
Sample: Scan00023_xls.exe
Resource: win7v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.moorefundz.com
Port: 587
Username: evra@moorefundz.com
Password: g7g2Ig?Aeh_+
Targets

Target: Scan00023_xls.exe
Size: 452KB
MD5: b3bacaabfb529613024a384bb9f00314
SHA1: c76cac7eae822a93159b54ba57454a318183595f
SHA256: e7c32ca85ac18ca98fd62854a59f4751868efa0d1d40d4757b1388899a0c7eae
SHA512: 2b6b9e84a302f043573ef1393fb1e6411b96518d0708ee768b18a024f6412e264fc990f38b6947a5b02c92ed11e39a72f2983ce077f1ca9c733f0a5f4c05aa55
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.

Suspicious use of SetThreadContext