General
Target: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
Size: 215KB
Sample: 210119-xsf46m47cx
MD5: db3f95f2c39e8547f1fa72c608a8be11
SHA1: 12c449b97c31faf2a43bd8eb3e91e9b1fd15672c
SHA256: 25f6ed9bb32723c139d4abfccf345db631a8483dde664eabd956071ee4b08de4
SHA512: d72698da82a4d80e460405101b7de3ec33b4d9baa9be3fe53950c3d9d46646e3d4722767d094d2754bdb29cdec7aadcd985df3fe10d01f4d72d521bf0b5fc0ee
Static task: static1
Behavioral task: behavioral1
Sample: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
Resource: win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cefortem.cat
Port: 587
Username: presidencia@cefortem.cat
Password: Vft284Rpyn
Targets
Target: aLjBjGUvWecwGptNRQryBtRBaVCtO.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.