General
Target: Exepiabooking.exe
Size: 4.0MB
Sample: 210112-wcrva54x1n
MD5: 5c65cab7788fc27b919b652d01ab59e7
SHA1: 51861135196fbf344e9a57a5bdc4f33dc04ae8bd
SHA256: 0c80023af16a88a4d66bdc4283682f1c7f2da2e7029d242dc18431812eb807b2
SHA512: d4c252847c645a0d268e49e136aaee7474f9e8ad2ba3dbecd4d7611a0b9bf9fed4280a8554dfcd37f51419cd02b0467d465475af43cf0ee2dcec8cef775fd8f5
Static task: static1
Behavioral task: behavioral1
  Sample: Exepiabooking.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Exepiabooking.exe
  Resource: win10v20201028
Malware Config
Targets
Target: Exepiabooking.exe
Size: 4.0MB
MD5: 5c65cab7788fc27b919b652d01ab59e7
SHA1: 51861135196fbf344e9a57a5bdc4f33dc04ae8bd
SHA256: 0c80023af16a88a4d66bdc4283682f1c7f2da2e7029d242dc18431812eb807b2
SHA512: d4c252847c645a0d268e49e136aaee7474f9e8ad2ba3dbecd4d7611a0b9bf9fed4280a8554dfcd37f51419cd02b0467d465475af43cf0ee2dcec8cef775fd8f5
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Modifies WinLogon for persistence
- AgentTesla Payload
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, etc.
- Adds Run key to start application