General
Target: 2218003603 92390-001.exe
Size: 1.2MB
Sample: 210118-1lkhe2gsps
MD5: 8eb6cbd100ff39eac71807b2efab912c
SHA1: b07017cc35dffde4e94fcb5d3aebd25a623896d8
SHA256: e90239127fa731890c6f55de5a7dc6cfaff1b6d8a2c61eba0d2fc7ef2e7a6ee3
SHA512: 1e11ba28c819d35be1be837f7cae09ddf78073f28f809943a77d2284e1e72fc99f2e13d1faa8bfd7bde18b0a9094df70b702214375060d875e66d71f9eda0215
Static task: static1
Behavioral task: behavioral1 (Sample: 2218003603 92390-001.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: 2218003603 92390-001.exe, Resource: win10v20201028)
Malware Config
Extracted (family: agenttesla)
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: blaqlogs@yandex.ru
Password: ugoblaq007
Targets
Target: 2218003603 92390-001.exe
Size: 1.2MB (MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients: tries to access configuration files associated with programs such as FileZilla.
Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
Suspicious use of SetThreadContext