General
Target: New order. December.exe
Size: 971KB
Sample: 201204-c13khg6e4a
MD5: 42289a23f33d793b5213979021fe021f
SHA1: 387ba991a7fbc49d8b5371bb410abac55dd82b2d
SHA256: 824d9e9082e27b16c7bff8e0c02321c69abde54bcbc160a17f68ad4eba21170f
SHA512: 3ee8761c8f07856f3daaa31b141450ddf28ee00a73053e6767a6ec28448b942364138e9ca02dcbd582e4c7fa29ad7f83a2dd29e4eb47cb049f24da77d9621a36
Static task: static1
Behavioral task: behavioral1
Sample: New order. December.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: New order. December.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.lokalboyz.com
Port: 587
Username: oc@lokalboyz.com
Password: Gllm9vjy
Targets
Target: New order. December.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext