General
- Target: invoice 2021.exe
- Size: 688KB
- Sample: 210115-a9d6dhkcy6
- MD5: 9a826012bc1ec72b59c773d3c5093c11
- SHA1: 900dab43ae7e38cc1a8237c3fa49d132b5ee9e1c
- SHA256: d01af87f10163ca735092945c5bc8710856ee81399a15be1a1d0007f0a1e167c
- SHA512: da0f228ee28afded0ce647c080db48fe04a2875e64f33fd0783241cb39a2362def9d66f48843de596d04240575cc5df0a8e8dfcc49c6bbb3e44a91a363e4c975
Static task
- static1
Behavioral task
- behavioral1: Sample: invoice 2021.exe; Resource: win7v20201028
Behavioral task
- behavioral2: Sample: invoice 2021.exe; Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dicon.md
- Port: 587
- Username: nado@dicon.md
- Password: Nneoma1234@
Targets
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials, etc.
- Suspicious use of SetThreadContext