General
-
Target
Port ID A1804-21-300.exe
-
Size
1.0MB
-
Sample
210114-bg5xl1gcnn
-
MD5
bfe66eb91b2e298ba2fd8628a1cac10b
-
SHA1
cf2835eed2ee9fa25bfaf0849e78282b63659210
-
SHA256
37b7d1816e5653bf8fc47b2abc51d9fa5168e0574620d89742ef685ea935dc92
-
SHA512
42360473b535cb4ea6834c32d51ccaaacbe51da6be8d62fec48a54d2314c8155c5b031500ba3f922edb191f0b4e6c818b746206599de01daf1edb1067fd4b89d
Static task
static1
Behavioral task
behavioral1
Sample
Port ID A1804-21-300.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Port ID A1804-21-300.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.gammavilla.org
Port: 587
Username: info@gammavilla.org
Password: county2018
The sample exfiltrates stolen data over authenticated SMTP (submission port 587) using these hard-coded mailbox credentials, so the host, the mailbox address and the password are all pivotable indicators.
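As an added example (not part of the sandbox report), the script below turns the extracted SMTP config into detection checks: it parses the config text as the report presents it, scans constructed SMTP log lines for connections to the C2 mailbox, and emits a Suricata rule keyed on the hard-coded mailbox rather than on the port. The log layout, the sample log lines and the DNS resolution table are assumptions made up for the example; only the config values come from the report.

```python
"""Turn the SMTP exfiltration config extracted from this AgentTesla sample
into detection checks.  Added example; not part of the sandbox report.

Assumptions (not from the report): the tab-separated log layout, the sample
log lines and the DNS resolution table below are all constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Config text as the report presents it in its "Malware Config" section.
EXTRACTED_CONFIG = (
    "Protocol: smtp - Host: mail.gammavilla.org - Port: 587 "
    "- Username: info@gammavilla.org - Password: county2018"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' pairs separated by ' - ' (or newlines).

    Tolerates the report's 'smtp- Host:' spacing.  A password containing
    '- ' would be split; adjust the separator if a sample needs it.
    """
    fields: Dict[str, str] = {}
    for chunk in re.split(r"\s*-\s+|\n+", text):
        key, sep, value = chunk.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
        password=fields["password"],
    )


# Constructed log format (assumption, loosely modelled on Zeek smtp.log):
# ts \t orig_h \t orig_p \t resp_h \t resp_p \t mailfrom \t rcptto \t subject
SAMPLE_SMTP_LOG = [
    "1610620001.1\t10.0.0.5\t49152\t203.0.113.10\t25\talice@corp.example\tbob@partner.example\tQ3 report",
    "1610620002.7\t10.0.0.7\t49210\t198.51.100.23\t587\tinfo@gammavilla.org\tinfo@gammavilla.org\tconstructed exfil subject",
    "1610620003.2\t10.0.0.9\t49301\t203.0.113.44\t587\tcarol@corp.example\tdave@corp.example\tbenign submission on 587",
]

# Constructed DNS observations (assumption): in practice take these from the
# dns.log answers for the C2 host; the config only names the hostname.
RESOLVED: Dict[str, Set[str]] = {"mail.gammavilla.org": {"198.51.100.23"}}


def match_line(line: str, cfg: SmtpExfilConfig,
               resolved: Dict[str, Set[str]]) -> List[str]:
    """Return the reasons a log line matches the config (empty if none)."""
    _ts, _orig_h, _orig_p, resp_h, resp_p, mailfrom, rcptto, _subject = line.split("\t")
    reasons: List[str] = []
    # Port 587 alone is not an indicator (legitimate submission uses it too);
    # require the server IP to be one the C2 hostname resolved to.
    if resp_h in resolved.get(cfg.host, set()) and int(resp_p) == cfg.port:
        reasons.append(f"connection to {cfg.host}:{cfg.port}")
    # The stealer typically authenticates as the attacker's mailbox and mails
    # the loot to it, so that address shows up as sender and/or recipient.
    if mailfrom.lower() == cfg.username:
        reasons.append("MAIL FROM is the attacker mailbox")
    if cfg.username in {r.strip().lower() for r in rcptto.split(",")}:
        reasons.append("RCPT TO includes the attacker mailbox")
    return reasons


def scan_log(lines: List[str], cfg: SmtpExfilConfig,
             resolved: Dict[str, Set[str]]) -> List[Tuple[int, List[str]]]:
    """Scan log lines; return (line number, reasons) for each hit."""
    hits: List[Tuple[int, List[str]]] = []
    for lineno, line in enumerate(lines, start=1):
        reasons = match_line(line, cfg, resolved)
        if reasons:
            hits.append((lineno, reasons))
    return hits


def suricata_rule(cfg: SmtpExfilConfig, sid: int = 1000001) -> str:
    """Network signature keyed on the hard-coded mailbox, not on the port.

    sid is a placeholder in the local range; pick one from your allocation.
    """
    return (
        f"alert tcp $HOME_NET any -> any {cfg.port} "
        f'(msg:"AgentTesla SMTP exfil via {cfg.host}"; flow:established,to_server; '
        f'content:"{cfg.username}"; nocase; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for lineno, reasons in scan_log(SAMPLE_SMTP_LOG, cfg, RESOLVED):
        print(f"line {lineno}: " + "; ".join(reasons))
    print(suricata_rule(cfg))
```

Only the second constructed line fires (all three reasons); the third line, a legitimate submission on port 587, does not, which is the point of requiring the resolved C2 address rather than the port. The Suricata rule only sees the mailbox in cleartext SMTP commands and headers: AUTH LOGIN credentials are base64-encoded on the wire, and a session upgraded with STARTTLS hides everything after the upgrade, so pair it with the DNS and connection checks rather than relying on it alone.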
Targets
-
Target
Port ID A1804-21-300.exe
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic .NET; it harvests credentials from local applications and sends them to an attacker-controlled mailbox or server.
-
AgentTesla Payload
-
Reads user/profile data of local email clients
Email clients store profile data, including saved account credentials, on disk, where infostealers commonly harvest it.
-
Reads user/profile data of web browsers
Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.
-
Suspicious use of SetThreadContext
SetThreadContext overwrites the register state of another thread, usually a suspended one. Outside of debuggers it is mainly seen in process hollowing (RunPE) injection, where a child process is started suspended, its image is replaced with the payload, and the thread's entry point is redirected into it before the thread is resumed.
-