General
Target: 667098654356pdf.exe
Size: 845KB
Sample: 210112-ns9hv6hbqs
MD5: f613d92e22e3da552ca70021c267c826
SHA1: 3790fd94d2fa8712e81aabd11910a2fe4b6c8514
SHA256: 3cdb85efd62add89d7945f62faf3c578d7fa6b5ec68573b1d774265afd46a8ad
SHA512: 4da46153652b8963a053bc80bf6b3716bcb3e20fe4eb6c17a60e3bef3922ef9b7479d9d5b2ac6c5e9cafb9b16a9aa7fe309684b82546b74e52008e304f30b218
Static task: static1
Behavioral task: behavioral1 (sample 667098654356pdf.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample 667098654356pdf.exe, resource win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: [email protected]
Password: qwerty123@@@
Targets
Target: 667098654356pdf.exe
Size: 845KB (MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext