General
- Target: file
- Size: 1.1MB
- Sample: 210113-jt9vkmzknj
- MD5: cd7cd1428bc7dd05683897db570be670
- SHA1: 8a630d55e49dfbc24679585a5b4a298f8b86016a
- SHA256: 8545c59f6fe59b3a5cdbad8923aa9b4a109dc03f4c003bdba937eacaafbfbf3c
- SHA512: 2405b02ec43b799829d02b70e7fe75a4924688263d6d352618cd4a3f4d04b86cd16eedce1255858d04962819d480ed0d1dcaf69685156c688681fad8d3a7c548
Static task
- static1
Behavioral task
- behavioral1: Sample file.exe, Resource win7v20201028
Behavioral task
- behavioral2: Sample file.exe, Resource win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.vivaldi.net
- Port: 587
- Username: pouns@vivaldi.net
- Password: qwerty123@@@
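The extracted configuration above is the SMTP drop account the sample uses to exfiltrate stolen credentials. As an added example, not code from the sandbox report or from the malware, the following Python parses the flattened "Key: value - Key: value" run into IOC fields and then checks constructed Sysmon Event ID 3 style network events against the drop host and port. The event records, workstation and process names, and the MAIL_CLIENTS allow-list are assumptions for illustration; only the config values come from this page.

```python
import re

# Constructed copy of the "Malware Config / Extracted" block exactly as the report page
# flattens it; the values are the ones this page shows.
RAW_EXTRACTED = """Protocol: smtp- Host:
smtp.vivaldi.net - Port:
587 - Username:
pouns@vivaldi.net - Password:
qwerty123@@@"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")

# Processes that legitimately talk SMTP submission (port 587); an assumed allow-list.
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}

# Constructed Sysmon Event ID 3 style network events; not telemetry from the sandbox run.
NETWORK_EVENTS = [
    {"ts": "2021-01-13T09:14:02Z", "host": "WS-042",
     "image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "dst_host": "smtp.office365.com", "dst_port": 587},
    {"ts": "2021-01-13T09:16:31Z", "host": "WS-042",
     "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "dst_host": "smtp.vivaldi.net", "dst_port": 587},
    {"ts": "2021-01-13T09:16:40Z", "host": "WS-042",
     "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "dst_host": "SMTP.VIVALDI.NET", "dst_port": 587},
    {"ts": "2021-01-13T09:20:05Z", "host": "WS-017",
     "image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "dst_host": "smtp.vivaldi.net", "dst_port": 587},
]


def parse_extracted_config(raw):
    """Turn the flattened 'Key: value - Key: value' run into a dict keyed by lower-cased field name."""
    text = " ".join(raw.split())
    names = "|".join(FIELDS)
    # A value runs until the next field label, which the page may glue on with "-" ("smtp- Host:").
    pattern = re.compile(rf"({names}):\s*(.*?)\s*(?=-\s*(?:{names}):|$)")
    cfg = {m.group(1).lower(): m.group(2) for m in pattern.finditer(text)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def _image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_exfil_sessions(events, cfg):
    """Return events whose destination is the extracted drop host and port.

    Submission traffic to a public mail provider is normal for a real mail client, so a hit is
    marked high_confidence only when the connecting process is not a known mail client.
    """
    wanted_host, wanted_port = cfg["host"].lower(), cfg["port"]
    hits = []
    for ev in events:
        if ev["dst_host"].lower() != wanted_host or ev["dst_port"] != wanted_port:
            continue
        hits.append({**ev, "high_confidence": _image_name(ev["image"]) not in MAIL_CLIENTS})
    return hits


if __name__ == "__main__":
    cfg = parse_extracted_config(RAW_EXTRACTED)
    print("drop account:", cfg["username"], "via", cfg["host"], cfg["port"])
    for hit in find_exfil_sessions(NETWORK_EVENTS, cfg):
        print(hit["ts"], hit["host"], hit["image"], "high" if hit["high_confidence"] else "low")
```

The host and port alone are a weak indicator, since any user with a Vivaldi mailbox sends through smtp.vivaldi.net:587; the process making the connection is what separates the stealer from a mail client. The extracted username is the field to search for in mail-server or SMTP-inspection logs, and the password belongs in an abuse report to the provider rather than in a detection rule.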
Targets
- Target: file (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic).
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext
  Setting the context of another process's suspended thread is a common step in process hollowing and similar injection, where a loader redirects a freshly created process to injected code before it runs.
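The three "Reads ..." signatures above are file-read behaviour against known credential stores. As an added example, not code from the sandbox or the report, the following Python classifies constructed file-read events (the shape normalised Sysmon or EDR telemetry takes) against those store locations and flags a process that sweeps more than one category, which is the pattern an infostealer produces and a single application does not. It generalises beyond FileZilla to WinSCP, Thunderbird, the Chromium family and Firefox; the store paths are the standard locations for those applications, while the event records, process names and the owner allow-list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed file-read events in the shape normalised Sysmon/EDR telemetry takes; they are
# illustrative and not events from the sandbox run described on this page.
EVENTS = [
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "path": r"C:\Users\alice\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "path": r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\k3x9a.default\logins.json"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\file.exe",
     "path": r"C:\Users\alice\AppData\Local\Temp\tmp1A2B.tmp"},
    {"pid": 2208, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\q7z.default-release\logins.json"},
]

# Credential-store locations grouped by the signature they correspond to. Patterns are regexes
# over the lower-cased, backslash-normalised path.
STORE_PATTERNS = {
    "ftp_client": [
        r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$",
        r"\\winscp\.ini$",
    ],
    "email_client": [
        r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key[34]\.db|signons\.sqlite)$",
    ],
    "browser": [
        r"\\(google\\chrome|chromium|microsoft\\edge|bravesoftware\\brave-browser)\\user data\\[^\\]+\\(login data|cookies|web data)$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key[34]\.db|signons\.sqlite|cookies\.sqlite)$",
    ],
}

# Processes that legitimately own each store (an assumed allow-list); their own reads are not interesting.
LEGITIMATE_OWNERS = {
    "ftp_client": {"filezilla.exe", "winscp.exe"},
    "email_client": {"thunderbird.exe"},
    "browser": {"chrome.exe", "chromium.exe", "msedge.exe", "brave.exe", "firefox.exe"},
}


def _normalise(path):
    return path.replace("/", "\\").lower()


def classify_path(path):
    """Return the credential-store category a path belongs to, or None."""
    p = _normalise(path)
    for category, patterns in STORE_PATTERNS.items():
        if any(re.search(pat, p) for pat in patterns):
            return category
    return None


def find_stealer_candidates(events, min_categories=2):
    """Group credential-store reads by process and flag processes that sweep several stores.

    A process is reported when it reads stores from at least `min_categories` distinct
    categories that it does not own; a single category is left for lower-confidence review.
    """
    per_pid = defaultdict(lambda: {"image": None, "categories": set(), "paths": []})
    for ev in events:
        category = classify_path(ev["path"])
        if category is None:
            continue
        if _normalise(ev["image"]).rsplit("\\", 1)[-1] in LEGITIMATE_OWNERS[category]:
            continue
        entry = per_pid[ev["pid"]]
        entry["image"] = ev["image"]
        entry["categories"].add(category)
        entry["paths"].append(ev["path"])
    return {pid: e for pid, e in per_pid.items() if len(e["categories"]) >= min_categories}


if __name__ == "__main__":
    for pid, entry in find_stealer_candidates(EVENTS).items():
        print(pid, entry["image"], sorted(entry["categories"]))
        for path in entry["paths"]:
            print("   ", path)
```

The owner allow-list matters in both directions: without it every browser start would trip the rule, and with a name-only check a stealer can dodge it by copying itself to chrome.exe, so in production the allow-list should key on signed image path rather than file name.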