General
Target: 2101180DMCUG.exe
Size: 647KB
Sample: 210118-534n9kz6ys
MD5: 482504a53067eb6331948b2f946927df
SHA1: 5a08e838f5b38ba878568a90734288c246e386f5
SHA256: e2da0284dd6560f4fdfc2a2ec9eafb0c791ebebc7b0ebcc0d792cc791412145e
SHA512: 37d241fe6c44db844f3b42abd63ecb7d7defe9837f96df14c196b0f267178fd49c13b2d4386eaf039f666175645c93f54b2c9a342278adc8243b53787bacd8ac
Static task: static1
Behavioral task: behavioral1
  Sample: 2101180DMCUG.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 2101180DMCUG.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp-mail.outlook.com
Port: 587
Username: randyharvey35@outlook.com
Password: nigerianguy0147
Targets
Target: 2101180DMCUG.exe
Size: 647KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
  Entries under the registry Run keys are launched at user logon, a common persistence technique.