General
-
Target
61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89.zip
-
Size
173KB
-
Sample
201204-ey7tm31e86
-
MD5
2d270fe69d9cf7a2cd429df29abb645f
-
SHA1
9ba77ae5f6884b81d71237f29ad517a2d9cfb0e1
-
SHA256
4dd2172ce6a988468ea514bae49dec9cd9bdbdc07f95e6546c75ebe4c9fc829d
-
SHA512
f9c802feda531eb2e9ff2c0c7529659c658d30f501c5fe315dd59b53339b7c40842a6ee873963d3580ef7361563fac77d536dd58e8b29ab080469186ea8ec993
Static task
static1
Behavioral task
behavioral1
Sample
61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89
-
Size
236KB
-
MD5
e1618002c8700b4ae261b1e5aea00e42
-
SHA1
71a93b760fb4c0ee6201ea09a19b50fd46d0439f
-
SHA256
61f2d6fa249bfd74e59d8f6d50191c62490fc690f7fb035fe2133b4566b38a89
-
SHA512
264a802e3e9e406d4a3f42d518a1ee1d6492cc012489c22525f1476375d73008e9b79d85f789f6d321b39800374fefbfa671031e4db6e247a152205cf4f76b3a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-