General
-
Target
Zahlungsauftrag.tgz
-
Size
578KB
-
Sample
210113-hwt5km6wda
-
MD5
c2ffa7cb643d5f286acc15ce260f3fd3
-
SHA1
23b76301097c342672e55251a99c235843aa3ff2
-
SHA256
629d3279871a54a7dc4b7f3ba4d6643ea8017f9fc847ef03192c16aaf51869f8
-
SHA512
e2562256585ae7ca3bf0e19de99bd39567308bf51c0f1a7f40936a481186ee6e3e4e72c9bf91b989d971923b1a4da54b2582764253cdca5144452a297c4a28f8
Static task
static1
Behavioral task
behavioral1
Sample
Zahlungsauftrag.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Zahlungsauftrag.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.1and1.es
Port: 587
Username: catalinafuster@palmaprocura.com
Password: CATALINA12345
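The extracted config above is the exfiltration channel: every credential this sample harvests is mailed through that SMTP account. The following is an added example (not the sandbox's code and not the malware's) that parses the config in the run-on "Key: value - Key: value" form the report prints it in and then pivots from it through Zeek-style DNS and connection logs. The log lines are constructed for the example and use TEST-NET addresses; the column layout assumed is orig_h/query/answer for dns.log and orig_h/resp_h/resp_p/proto for conn.log.

```python
"""Turn the extracted AgentTesla SMTP config into network indicators and
hunt for them in Zeek-style logs. Example code added to this page; it is
not the sandbox's code or the malware's. The DNS and connection records
below are constructed for the example (192.0.2.0/24 is TEST-NET-1)."""
import re
from dataclasses import dataclass


# The config exactly as the sandbox printed it: "Key: value - Key: value".
REPORT_CONFIG = (
    "Protocol: smtp- Host: smtp.1and1.es - Port: 587 - "
    "Username: catalinafuster@palmaprocura.com - Password: CATALINA12345"
)


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse the run-on 'Key: value - Key: value' layout. A value ends at a
    '-' that is followed by the next 'Key:' (so both 'smtp- Host:' and
    'smtp.1and1.es - Port:' split correctly) or at end of string."""
    fields = {}
    for m in re.finditer(r"(\w+):\s*(.*?)\s*(?:-\s*(?=\w+:)|$)", text):
        fields[m.group(1).lower()] = m.group(2)
    return ExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed records. dns.log: orig_h, query, answer.
# conn.log: orig_h, resp_h, resp_p, proto.
DNS_LOG = [
    "10.0.0.15\tsmtp.1and1.es\t192.0.2.10",
    "10.0.0.15\twww.example.com\t192.0.2.20",
    "10.0.0.9\tsmtp.1and1.es\t192.0.2.10",
]
CONN_LOG = [
    "10.0.0.15\t192.0.2.10\t587\ttcp",  # resolved the C2 host, then hit cfg.port
    "10.0.0.15\t192.0.2.20\t443\ttcp",  # unrelated HTTPS
    "10.0.0.9\t192.0.2.10\t443\ttcp",   # resolved the host but wrong port
    "10.0.0.7\t192.0.2.10\t587\ttcp",   # right IP and port, no DNS seen from it
]


def hunt(cfg: ExfilConfig, dns_log, conn_log):
    """Pivot DNS -> connection. 'confirmed' hosts resolved cfg.host and then
    opened TCP to the answer on cfg.port; 'candidate' hosts reached an
    answer IP on cfg.port without a DNS query of their own (cached resolver,
    other DNS path). Returns (sorted confirmed, sorted candidate)."""
    resolved, answers = set(), set()
    for line in dns_log:
        orig, query, answer = line.split("\t")
        if query.lower() == cfg.host:
            resolved.add((orig, answer))
            answers.add(answer)
    confirmed, candidate = set(), set()
    for line in conn_log:
        orig, resp, port, proto = line.split("\t")
        if proto != "tcp" or int(port) != cfg.port or resp not in answers:
            continue
        (confirmed if (orig, resp) in resolved else candidate).add((orig, resp))
    return sorted(confirmed), sorted(candidate)


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg)
    print(hunt(cfg, DNS_LOG, CONN_LOG))
```

The two-tier result is deliberate: a host that resolved smtp.1and1.es and then connected to the answer on 587 is a strong match, while a connection to the same address and port with no DNS from that host is still worth a look (the sample's SMTP library may have used a cached or different resolver), but it carries more noise on networks where 1and1 mail is legitimately used.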
Targets
-
Target
Zahlungsauftrag.exe
-
Size
880KB
-
MD5
552a67996412601e69af612184903c1e
-
SHA1
32cec8e444a8bf80624c9c6cfea59fcc3695d1f4
-
SHA256
1a130b182223ec2b64350133d952868d453687b4c6c8f7d9779e8fe3bfda2afd
-
SHA512
0b57e822e363b6df150e0440a6992c434f5a6ff52e6cd7170c01d97694b38e05535acccd986a38701306645fcd60c632faa704c5224dc5fd97f18fb0b424ae46
Score 10/10
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access tool (RAT) and credential stealer; this sample exfiltrates the harvested data over SMTP using the mail account in the extracted config above.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla (for FileZilla, sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla, which hold saved site credentials).
-
Reads user/profile data of local email clients
Email clients store account settings and saved passwords on disk (Thunderbird's logins.json and key4.db) or in the user's registry hive (Outlook profiles), and infostealers harvest them from there.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
-
Suspicious use of SetThreadContext
Setting the thread context of another process (typically a child created suspended, after its image has been overwritten) redirects that process to injected code; this is the hallmark of process hollowing.
-
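The four signatures above are the host-side view of this sample. As an added example (not the sandbox's code or the malware's), here is detection logic for them run over a constructed API trace: the file and registry paths matched are the locations the named programs actually use, but the trace format (pid, api, args), the PIDs and the events themselves are assumptions for the example. The report does not name the process that gets hollowed, so the child path is a placeholder.

```python
"""Detection logic for the four behavioural signatures above, run over a
constructed API trace. Example added to this page; the trace format
(pid, api, args) is an assumption for the example, not the sandbox's, and
the events are invented, not taken from the report."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Where the programs named by the signatures actually keep credentials.
CREDENTIAL_STORES = {
    "ftp_client": [
        r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$",
    ],
    "email_client": [
        r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
        r"^HKCU\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles\\",
    ],
    "web_browser": [
        r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
}

# Constructed trace: parent 1204 hollows suspended child 3316, which then
# reads credential stores. The hollowed process is not named in the report,
# so its path here is a placeholder.
TRACE = [
    {"pid": 1204, "api": "CreateProcessW",
     "args": {"path": r"C:\placeholder\child.exe", "flags": CREATE_SUSPENDED,
              "child_pid": 3316}},
    {"pid": 1204, "api": "NtUnmapViewOfSection", "args": {"target_pid": 3316}},
    {"pid": 1204, "api": "WriteProcessMemory", "args": {"target_pid": 3316}},
    {"pid": 1204, "api": "SetThreadContext", "args": {"target_pid": 3316}},
    {"pid": 1204, "api": "ResumeThread", "args": {"target_pid": 3316}},
    {"pid": 3316, "api": "NtCreateFile",
     "args": {"path": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"}},
    {"pid": 3316, "api": "NtCreateFile",
     "args": {"path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"}},
    {"pid": 3316, "api": "RegOpenKeyExW",
     "args": {"path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"}},
    {"pid": 3316, "api": "NtCreateFile",
     "args": {"path": r"C:\Users\u\Documents\notes.txt"}},  # benign, must not match
]


def credential_store_reads(trace):
    """Map each signature name to the credential-store paths touched.
    Matching is case-insensitive because NTFS paths are."""
    hits = defaultdict(set)
    for ev in trace:
        path = ev["args"].get("path")
        if not path:
            continue
        for sig, patterns in CREDENTIAL_STORES.items():
            if any(re.search(p, path, re.IGNORECASE) for p in patterns):
                hits[sig].add(path)
    return dict(hits)


def hollowing_chains(trace):
    """Process hollowing: a child created CREATE_SUSPENDED by a parent that
    then writes into it, calls SetThreadContext on it and resumes it, in
    that order. Returns (parent_pid, child_pid) pairs."""
    parent_of = {}                   # child pid -> parent that created it suspended
    cross_calls = defaultdict(list)  # child pid -> APIs that parent called on it
    for ev in trace:
        a = ev["args"]
        if ev["api"].startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            parent_of[a["child_pid"]] = ev["pid"]
        elif parent_of.get(a.get("target_pid")) == ev["pid"]:
            cross_calls[a["target_pid"]].append(ev["api"])
    required = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]
    chains = []
    for child, apis in cross_calls.items():
        if all(api in apis for api in required):
            positions = [apis.index(api) for api in required]
            if positions == sorted(positions):  # write, then context, then resume
                chains.append((parent_of[child], child))
    return chains


if __name__ == "__main__":
    print(credential_store_reads(TRACE))
    print(hollowing_chains(TRACE))
```

The hollowing check keys on the order of the cross-process calls rather than on SetThreadContext alone: debuggers and some legitimate tooling call SetThreadContext too, but a parent that creates a child suspended, writes into it, sets its context and only then resumes it has no benign reading.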