General
Target: Quote ROE-127488-MU.exe
Size: 410KB
Sample: 210112-wnw818w3ae
MD5: 1b6fb40e9a89fdd6c7aebc89e67ad816
SHA1: fe65563016c0e947f4ceb2337a1f6033cf259680
SHA256: a2426979e333a461d082c90eae873f236b7a82fcf08819404d2f99a3e867c450
SHA512: e0d264962c8912fda26cf87418c8426294e77e4b5cacaf43469934d281da327fecb73582fcd0588191c9131ab4953d2179a8b79357260a9a53200884e50f7ee5
Static task: static1
Behavioral task: behavioral1
  Sample: Quote ROE-127488-MU.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Quote ROE-127488-MU.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: @infinitY1234
Targets
Target: Quote ROE-127488-MU.exe
Size: 410KB
MD5: 1b6fb40e9a89fdd6c7aebc89e67ad816
SHA1: fe65563016c0e947f4ceb2337a1f6033cf259680
SHA256: a2426979e333a461d082c90eae873f236b7a82fcf08819404d2f99a3e867c450
SHA512: e0d264962c8912fda26cf87418c8426294e77e4b5cacaf43469934d281da327fecb73582fcd0588191c9131ab4953d2179a8b79357260a9a53200884e50f7ee5
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext