General
-
Target
09xcuRN2HJmRRCm.exe
-
Size
1.4MB
-
Sample
210120-2wsy4nc8wa
-
MD5
c8d8c51d1ba89855402f637cf7f3e1fd
-
SHA1
42e9e8517bc4082c140e76a768ed8f2887a29651
-
SHA256
992784e97942ec2a90b0a2ca99ab5263cb32d4d01ee2232cd44af7ab8f471de0
-
SHA512
0cf46281bfc4208295898b6163b32ac5dfeafced4f2ae7b04621cd45dd4dddea9e001e3cf1203d3e90a02154713b17b42ac2e3c6aca498cbfe65234338a0a13c
Static task
static1
Behavioral task
behavioral1
Sample
09xcuRN2HJmRRCm.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
09xcuRN2HJmRRCm.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cefortem.cat - Port:
587 - Username:
presidencia@cefortem.cat - Password:
Vft284Rpyn
Targets
-
-
Target
09xcuRN2HJmRRCm.exe
-
Size
1.4MB
-
MD5
c8d8c51d1ba89855402f637cf7f3e1fd
-
SHA1
42e9e8517bc4082c140e76a768ed8f2887a29651
-
SHA256
992784e97942ec2a90b0a2ca99ab5263cb32d4d01ee2232cd44af7ab8f471de0
-
SHA512
0cf46281bfc4208295898b6163b32ac5dfeafced4f2ae7b04621cd45dd4dddea9e001e3cf1203d3e90a02154713b17b42ac2e3c6aca498cbfe65234338a0a13c
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-