General
Target: liamhugox.exe
Size: 23KB
Sample: 210121-v93y4ykglx
MD5: bf36c3069116a3da50f1064adfdd155a
SHA1: cbb6f81f80e270ca89059eb96aab393f7b513044
SHA256: 5d555eddfc23183dd821432fd2a4a04a543c8c1907b636440eb6e7d21829576c
SHA512: 8c557a6943de45b1405405dea568a726eaf6f7b4874b0b93efaba467f3454bf68f674bb52d2c5e69fafdf3b530bcdc57cfc53c3443f6f95b8b561508c84a81bc
Static task: static1
Behavioral task: behavioral1 (sample liamhugox.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample liamhugox.exe, resource win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: frostdell.uk
Port: 587
Username: userlogs@frostdell.uk
Password: 7213575aceACE@#$
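Added example, not part of the sandbox report: a Python script that first confirms a file on disk is the sample described in the General section (all four digests must agree) and then turns the extracted SMTP settings into indicators and sweeps them over log lines. The host, port, username and hashes are copied from the report; the log lines, their key=value layout and the client IPs are constructed for the example. The extracted password is the attacker's mailbox credential and is deliberately not used.

```python
"""Verify the sample against this report's hashes and hunt for its SMTP exfil.

Added example for this page, not sandbox output. Hashes and SMTP settings come
from the report above; the log lines and their key=value format are constructed.
"""
import base64
import hashlib
import re
from collections import defaultdict

# Digests from the General section: confirm the file you hold is this sample
# before acting on anything else in the report.
REPORT_HASHES = {
    "md5": "bf36c3069116a3da50f1064adfdd155a",
    "sha1": "cbb6f81f80e270ca89059eb96aab393f7b513044",
    "sha256": "5d555eddfc23183dd821432fd2a4a04a543c8c1907b636440eb6e7d21829576c",
    "sha512": "8c557a6943de45b1405405dea568a726eaf6f7b4874b0b93efaba467f3454bf6"
              "8f674bb52d2c5e69fafdf3b530bcdc57cfc53c3443f6f95b8b561508c84a81bc",
}

# Exfiltration settings as extracted under Malware Config. The password is
# omitted on purpose: no detection needs the attacker's mailbox credential.
AGENTTESLA_SMTP_CONFIG = {
    "protocol": "smtp",
    "host": "frostdell.uk",
    "port": 587,
    "username": "userlogs@frostdell.uk",
}


def hash_sample(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report; one mismatch rejects."""
    return hash_sample(data) == REPORT_HASHES


def build_indicators(cfg: dict) -> dict:
    """Derive the strings that show up in DNS, proxy or mail logs for this config."""
    user = cfg["username"]
    return {
        "host": cfg["host"],
        "port": cfg["port"],
        "username": user,
        # SMTP AUTH LOGIN sends the username as a bare base64 line, so a pcap or a
        # TLS-terminating proxy shows this token rather than the plain address.
        "auth_login_user_b64": base64.b64encode(user.encode()).decode(),
    }


# Constructed sample log lines (not from the report). Lines 1-4 model one
# infected host; lines 5-6 are benign traffic. The AUTH and MAIL FROM lines are
# only visible if TLS is inspected, because the client issues STARTTLS first.
SAMPLE_LOG_LINES = [
    "2021-01-21T16:02:11Z dns client=10.0.5.23 query=frostdell.uk type=A",
    "2021-01-21T16:02:12Z smtp client=10.0.5.23 server=frostdell.uk:587 cmd=STARTTLS",
    "2021-01-21T16:02:13Z smtp client=10.0.5.23 auth=LOGIN user_b64=dXNlcmxvZ3NAZnJvc3RkZWxsLnVr",
    "2021-01-21T16:02:14Z smtp client=10.0.5.23 mailfrom=userlogs@frostdell.uk rcptto=userlogs@frostdell.uk",
    "2021-01-21T16:05:00Z smtp client=10.0.7.41 server=smtp.office365.com:587 mailfrom=alice@corp.example",
    "2021-01-21T16:06:00Z dns client=10.0.7.41 query=www.example.com type=A",
]

_CLIENT_RE = re.compile(r"\bclient=(\S+)")


def scan_logs(lines, ind) -> list:
    """Return (line number, client, indicator name) for every matching line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        # Most specific indicator first, so a line carrying the full username is
        # not reported merely as a host match.
        for name in ("username", "auth_login_user_b64", "host"):
            if ind[name] in line:
                m = _CLIENT_RE.search(line)
                hits.append((n, m.group(1) if m else None, name))
                break
    return hits


def suspect_clients(lines, ind) -> dict:
    """Collapse hits per client so one infected host becomes one triage item."""
    by_client = defaultdict(set)
    for _, client, name in scan_logs(lines, ind):
        by_client[client].add(name)
    return {client: sorted(names) for client, names in by_client.items()}


if __name__ == "__main__":
    ind = build_indicators(AGENTTESLA_SMTP_CONFIG)
    for key, value in ind.items():
        print(f"{key:22} {value}")
    for client, names in suspect_clients(SAMPLE_LOG_LINES, ind).items():
        print(f"suspect {client}: matched {', '.join(names)}")
```

In practice the DNS lookup of frostdell.uk and the TCP connection to port 587 are the indicators you can rely on, since the payload uses STARTTLS and the AUTH and MAIL FROM exchange is opaque unless the egress path terminates TLS; the base64 username token is what to search for in captures or proxy logs where it is.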
Targets
Target: liamhugox.exe
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); this sample sends what it harvests to the SMTP account listed under Malware Config.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla (for example its sitemanager.xml and recentservers.xml, which hold saved server credentials).
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and cookies.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; an anti-analysis technique.
- Suspicious use of SetThreadContext
  Rewriting another thread's context (typically the instruction pointer of a suspended process) is a common step in process hollowing / RunPE-style injection; seen together with the payload signature above it indicates the file is a loader that stages the real payload in memory.