General
- Target: MT103.exe
- Size: 1.6MB
- Sample: 210120-knv89zpfxn
- MD5: 98c9171973d6219056145324920d60a6
- SHA1: 3eca2077db8cf92becfb5b531db2ba6fedae7105
- SHA256: 6e7d48f627ce65c08d2bf88286a4597a069d6b7c086185d7ef6e1578e6290f9c
- SHA512: 084c6247e756e3d3648fef1170254e82164382b952eba472779675f980bcd7b08102a1125f37020da6c598d7d3eda554924948094b38ae9f4ff22613b4f3b150
Static task: static1
Behavioral task: behavioral1
- Sample: MT103.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: MT103.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.gammavilla.org
- Port: 587
- Username: info@gammavilla.org
- Password: county2018
Targets
- Target: MT103.exe
- Size: 1.6MB
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials, among other things.
- Suspicious use of SetThreadContext