General
- Target: SecuriteInfo.com.Generic.mg.e92f0e2d08762687.108
- Size: 1018KB
- Sample: 210112-j24n9c59se
- MD5: e92f0e2d08762687dc5cf2258258f72a
- SHA1: c748f3ab7145b6d90f7114747c42ac13f7bfdfcd
- SHA256: 8a9d9e94217e06ea9f3c205b1722f76cbe9c670daee30f275f35c1fa21df13e5
- SHA512: 2311c7f99d32e16021fabfa8220d16b8139cb4da6bef710729e491be8da6cb5d21e7290330cf446565c2daf5288105c485dc05f3bb8aff1b10dd2eee84da8ce0
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Generic.mg.e92f0e2d08762687.108.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Generic.mg.e92f0e2d08762687.108.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.privateemail.com
- Port: 587
- Username: [email protected]
- Password: lord@blessme
Targets
- Target: SecuriteInfo.com.Generic.mg.e92f0e2d08762687.108
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext