General
Target: qDf6TrO8T2WVoNq.exe
Size: 644KB
Sample: 201125-e5tcn29zxa
MD5: 07ea4c95d5fc3afadc61a69f38d732fa
SHA1: 67de0acf73ae06a772cfc3c1bf66a3ad81346583
SHA256: 4afc70d7e08f66f587fd37ce1848989853a7405435e92a3d25652781dec66348
SHA512: 153e939d37393b9620e0ecf713d628629315b62094d8173554b0e12b803d35ecd56cef97ef23eaa463d4f8499e09a59b00c528e6be43e49b2696e149521a68e5
Static task: static1
Behavioral task: behavioral1
  Sample: qDf6TrO8T2WVoNq.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: qDf6TrO8T2WVoNq.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sardaplywood.com
Port: 587
Username: superstars@sardaplywood.com
Password: sup123st45
Targets
Target: qDf6TrO8T2WVoNq.exe (size and hashes as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext