General
Target: 7914c86127da2dba709443a91dbb5d07f002cb22d909463834887af16c92ab98
Size: 1.1MB
Sample: 210121-5fv16p5q3j
MD5: ea99845d17bdac5f44cf44a74c2fc061
SHA1: 56a5c4e9879ef44c8853ee24aa78cd5ebb6da9cd
SHA256: 7914c86127da2dba709443a91dbb5d07f002cb22d909463834887af16c92ab98
SHA512: 69dde572cb13a0d280cf3f44ea090395f93462cfabae3af34ed4ca5701b0c91fedb33ea990c8686791bc7000df16a16f7a83f13b7b1e6871b78fe8073d7cd69a
Static task: static1
Behavioral task: behavioral1
  Sample: 7914c86127da2dba709443a91dbb5d07f002cb22d909463834887af16c92ab98.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 7914c86127da2dba709443a91dbb5d07f002cb22d909463834887af16c92ab98.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.bluescorpesteel.com
  Port: 587
  Username: kelly.muir@bluescorpesteel.com
  Password: #UwKu**2
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext