General
Target: GLV124182676.exe
Size: 1.1MB
Sample: 210118-pttgl6dmdj
MD5: 53cd1f7296ccd19045e9444159197385
SHA1: a19c8ba8b7fe7071324b218c028efe845a17347b
SHA256: 6387e918c5dfc8dff3602fb8e609895428910ba06f102611a65809fd3fc5af14
SHA512: 2aeed81d7a18c7962f67c8a0489588710d90a22d4d992a23fe573d27888b9feb16e0369ac23034da19337049015d292e69009d4560fb979a9979671f896b3790
Static task: static1
Behavioral task: behavioral1
  Sample: GLV124182676.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: GLV124182676.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.gammavilla.org
Port: 587
Username: info@gammavilla.org
Password: county2018
Exfiltration channel: harvested data is sent as mail over SMTP submission (port 587) using the attacker-controlled mailbox above. The host, the sender address and the sample hashes are the actionable indicators; the password is the attacker's, not a victim credential.
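The following Python script is an added example, not part of the sandbox report, showing how to turn the extracted config above into something operational: it parses the flattened "Key: value - Key: value" config text, checks a local file against the reported hashes, emits a Suricata DNS rule for the exfiltration mail host, and scans network-connection events for connections to that host or for SMTP submission from a process that is not a known mail client. The Sysmon-style event lines, the mail-client allowlist and the Suricata sid range are constructed assumptions for the example.

```python
"""Added example (not from the sandbox report): make the extracted AgentTesla
config and the sample hashes operational. The event lines, the allowlist and
the rule sid below are constructed for illustration."""
import hashlib
import re

# Config text exactly as it appears in the report's "Malware Config" section.
REPORT_CONFIG = """Protocol: smtp- Host:
mail.gammavilla.org - Port:
587 - Username:
info@gammavilla.org - Password:
county2018"""

# Hashes listed in the report for GLV124182676.exe.
REPORT_HASHES = {
    "md5": "53cd1f7296ccd19045e9444159197385",
    "sha1": "a19c8ba8b7fe7071324b218c028efe845a17347b",
    "sha256": "6387e918c5dfc8dff3602fb8e609895428910ba06f102611a65809fd3fc5af14",
}

# Assumed allowlist of processes that legitimately use SMTP submission; tune per estate.
MAIL_CLIENT_ALLOWLIST = {r"c:\program files\microsoft office\root\office16\outlook.exe"}


def parse_agenttesla_config(text: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' config into a dict.
    The report wraps lines mid-field, so whitespace is collapsed first."""
    flat = " ".join(text.split())
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s+\w+:|$)", flat)
    return {k: v.strip() for k, v in pairs}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for comparing a local file."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True when the bytes are the exact sample; SHA-256 alone is sufficient."""
    return hash_bytes(data)["sha256"] == REPORT_HASHES["sha256"]


def suricata_dns_rule(cfg: dict, sid: int = 9000001) -> str:
    """DNS-query rule for the exfiltration mail host (sid value is an assumption)."""
    return (f'alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host '
            f'{cfg["Host"]} lookup"; dns.query; content:"{cfg["Host"]}"; nocase; '
            f'sid:{sid}; rev:1;)')


# Constructed Sysmon Event ID 3 (network connection) records in a simplified key=value form.
SAMPLE_EVENTS = [
    r"EventID=3 Image=C:\Users\victim\AppData\Roaming\GLV124182676.exe DestinationHostname=mail.gammavilla.org DestinationPort=587",
    r"EventID=3 Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationPort=587",
    r"EventID=3 Image=C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe DestinationHostname=smtp.example.net DestinationPort=587",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationHostname=www.example.com DestinationPort=443",
]

# Splits 'k=v k=v' records; values may contain spaces (paths), so stop only before the next 'word='.
_FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def detect_exfil(events: list, cfg: dict) -> list:
    """Return (image, reason) for connections to the configured exfil host, or for
    SMTP submission on the configured port from a process outside the allowlist."""
    hits = []
    for line in events:
        f = dict(_FIELD.findall(line))
        if f.get("EventID") != "3":
            continue
        image = f.get("Image", "")
        host = f.get("DestinationHostname", "").lower()
        port = f.get("DestinationPort")
        if host == cfg["Host"].lower():
            hits.append((image, "connection to known AgentTesla exfil host"))
        elif port == cfg["Port"] and image.lower() not in MAIL_CLIENT_ALLOWLIST:
            hits.append((image, f"SMTP submission on port {port} from non-mail-client process"))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(REPORT_CONFIG)
    print(cfg)
    print(suricata_dns_rule(cfg))
    for image, reason in detect_exfil(SAMPLE_EVENTS, cfg):
        print(f"ALERT {reason}: {image}")
```

The second detection branch is a heuristic: SMTP submission from an arbitrary binary (here the hollowed RegSvcs.exe host process in the constructed events) is suspicious on workstations where only the mail client should speak SMTP, but it needs an allowlist maintained for the environment.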
Targets
Target: GLV124182676.exe
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). This sample exfiltrates harvested data over SMTP using the mailbox in the extracted config.

AgentTesla Payload
Reads user/profile data of local email clients
Email clients store profile data and saved account credentials on disk, which infostealers commonly target.
Reads user/profile data of web browsers
Infostealers commonly target stored browser data, including saved credentials and cookies.
Suspicious use of SetThreadContext
SetThreadContext is the API used to redirect the main thread of a suspended process to injected code. Together with the signatures above it is consistent with the process-hollowing (RunPE) loader commonly used to run the decrypted Agent Tesla payload inside a legitimate-looking host process.