General
-
Target
BLKD007026UG28.gz
-
Size
797KB
-
Sample
210122-16n4661z86
-
MD5
abb5dee83cc1cec99c49b1d348da2f44
-
SHA1
70087c30f596cd349fe387732d8249014071c927
-
SHA256
ede32333a607c6e7ec64a03866631c7be580fb941d88f99cd9a42b9c1ceb0b94
-
SHA512
f246e80337001cc4f63287afb946be52b936886afaa624cf34169821d27e3fd86164b12f20c2f2fe0ea4fc75d5b592285c4397b88346e5b290914674198de7c7
Static task
static1
Behavioral task
behavioral1
Sample
BLKD007026UG28.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: [email protected]
Password: Password@123456789
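The extracted config gives a concrete exfiltration endpoint (SMTP to smtp.vivaldi.net on 587) that a responder can pivot on in network telemetry. The following is an added example, not part of the sandbox report or of any analysis tool: it takes the host and port from the report's Malware Config, uses DNS answers to find which internal clients resolved the exfil host, then matches their connections to that address and port. The Zeek-style dns/conn records, the 203.0.113.25 answer and the allowlist are constructed for illustration, and the field layout is an assumption. Because smtp.vivaldi.net is a legitimate public mail provider, the endpoint alone is not proof of compromise, so clients known to use Vivaldi mail are skipped.

```python
"""Pivot from an extracted AgentTesla SMTP config to network telemetry.

Added example; not part of the sandbox report or of any analysis tool.
Exfil host/port come from the report's "Malware Config"; the Zeek-style
dns/conn records, the resolved address and the allowlist are constructed.
"""
from collections import defaultdict

# Extracted by the sandbox from the sample (report: Malware Config).
AGENTTESLA_CONFIG = {"protocol": "smtp", "host": "smtp.vivaldi.net", "port": 587}

# Constructed dns.log-style records: which client resolved what, to which address.
# 203.0.113.25 is a documentation address standing in for the real answer.
DNS_LOG = [
    {"uid": "d1", "id.orig_h": "10.0.0.21", "query": "smtp.vivaldi.net", "answers": ["203.0.113.25"]},
    {"uid": "d2", "id.orig_h": "10.0.0.33", "query": "SMTP.vivaldi.net", "answers": ["203.0.113.25"]},
    {"uid": "d3", "id.orig_h": "10.0.0.21", "query": "update.example.org", "answers": ["198.51.100.7"]},
]

# Constructed conn.log-style records.
CONN_LOG = [
    {"uid": "c1", "id.orig_h": "10.0.0.21", "id.resp_h": "203.0.113.25", "id.resp_p": 587, "proto": "tcp", "orig_bytes": 4200},
    {"uid": "c2", "id.orig_h": "10.0.0.33", "id.resp_h": "203.0.113.25", "id.resp_p": 587, "proto": "tcp", "orig_bytes": 900},
    {"uid": "c3", "id.orig_h": "10.0.0.21", "id.resp_h": "203.0.113.25", "id.resp_p": 443, "proto": "tcp", "orig_bytes": 100},
    {"uid": "c4", "id.orig_h": "10.0.0.50", "id.resp_h": "198.51.100.7", "id.resp_p": 587, "proto": "tcp", "orig_bytes": 4200},
]

# Hosts legitimately configured to use Vivaldi mail (constructed allowlist).
KNOWN_VIVALDI_MAIL_USERS = frozenset({"10.0.0.33"})


def resolved_addresses(dns_log, hostname):
    """Map each internal client to the addresses it received for `hostname`."""
    per_client = defaultdict(set)
    for rec in dns_log:
        if rec["query"].lower() == hostname.lower():
            per_client[rec["id.orig_h"]].update(rec["answers"])
    return per_client


def find_exfil_sessions(cfg, dns_log, conn_log, allowlist=frozenset()):
    """Return conn uids that match the extracted exfil endpoint.

    A connection counts when the same client earlier resolved cfg["host"]
    to the responder address and the responder port equals cfg["port"].
    Clients on the allowlist are skipped: a public mail provider's SMTP
    server is shared infrastructure, so the endpoint alone is not malicious.
    """
    if cfg["protocol"] != "smtp":
        raise ValueError("this pivot is written for SMTP exfil configs")
    answers = resolved_addresses(dns_log, cfg["host"])
    hits = []
    for rec in conn_log:
        client = rec["id.orig_h"]
        if client in allowlist:
            continue
        if (rec["proto"] == "tcp"
                and rec["id.resp_p"] == cfg["port"]
                and rec["id.resp_h"] in answers.get(client, ())):
            hits.append(rec["uid"])
    return hits


if __name__ == "__main__":
    for uid in find_exfil_sessions(AGENTTESLA_CONFIG, DNS_LOG, CONN_LOG, KNOWN_VIVALDI_MAIL_USERS):
        print("possible AgentTesla exfil session:", uid)
```

On the constructed data only `c1` is reported: `c2` comes from an allowlisted client, `c3` is to the right address but port 443, and `c4` is from a client that never resolved the exfil host. Dropping the allowlist surfaces `c2` as well, which is the trade-off to expect when the C2 channel is a legitimate mail provider.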
Targets
-
-
Target
BLKD007026UG28.exe
-
Size
1.1MB
-
MD5
333da7a6f96f20ddbb873cb0e5b41267
-
SHA1
77a470fa9ef648b8adbed3e29f22050855071127
-
SHA256
e5d08064cc0b3123d52c56051ad0671ab3249a2fb5abe596cdd9ce10e8fed725
-
SHA512
a7826497690173c6036320dbb7b1d8c90479b7defffe5e427aa48ea065a10b30dd168297361f74490608724e2fca07f1f2ff0c102ce775114d8578b0825bfd31
Score 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, written in Visual Basic .NET.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla. FileZilla keeps saved-site credentials in sitemanager.xml and recentservers.xml under the user's AppData directory, base64-encoded but not encrypted unless a master password is set.
-
Reads user/profile data of local email clients
Email clients store account settings and saved credentials on disk, and infostealers routinely target those files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.
-
Suspicious use of SetThreadContext
SetThreadContext is commonly used in process injection techniques such as process hollowing, where a suspended process's thread is redirected to attacker-controlled code.
-
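The three "Reads user/profile data" signatures above describe the same pattern: one process that is not the owning application touching the credential stores of FTP clients, email clients and browsers. The following is an added example, not the sandbox's signature logic or any vendor's code: it classifies file accesses against the well-known store locations of FileZilla, Thunderbird, Chrome and Firefox, ignores accesses by the application that owns each store, and reports processes that read stores from more than one application category. The Sysmon-like event layout and the events themselves (including the sample.exe path) are constructed for illustration.

```python
"""Flag a process reading credential stores of several unrelated applications.

Added example; not part of the sandbox report or of any vendor's signatures.
Store paths are the well-known locations of the named applications; the
file-access events below and their Sysmon-like layout are constructed.
"""
import re
from collections import defaultdict

# Credential stores grouped by the application category the report names,
# each with the process that is legitimately expected to read it.
CREDENTIAL_STORES = {
    "ftp_client": (
        [r"\\FileZilla\\(recentservers|sitemanager)\.xml$"],
        {"filezilla.exe"},
    ),
    "email_client": (
        [r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$"],
        {"thunderbird.exe"},
    ),
    "web_browser": (
        [r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
         r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$"],
        {"chrome.exe", "firefox.exe"},
    ),
}
_COMPILED = {
    cat: ([re.compile(p, re.IGNORECASE) for p in pats], owners)
    for cat, (pats, owners) in CREDENTIAL_STORES.items()
}

# Constructed file-access events (pid, reading process image, file read).
FILE_ACCESS_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 880, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 2210, "image": r"C:\Tools\backup.exe",
     "target": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\sample.exe",
     "target": r"C:\Users\u\Documents\notes.txt"},
]


def classify_access(event):
    """Return the credential-store category a file access touches, or None.

    Accesses by the application that owns the store (chrome.exe reading its
    own Login Data) are not counted; any other process reading it is.
    """
    proc = event["image"].rsplit("\\", 1)[-1].lower()
    for category, (patterns, owners) in _COMPILED.items():
        if proc in owners:
            continue
        if any(p.search(event["target"]) for p in patterns):
            return category
    return None


def suspicious_readers(events, min_categories=2):
    """Group store accesses by pid and return {pid: sorted categories} for
    processes that touched at least `min_categories` distinct categories."""
    touched = defaultdict(set)
    for ev in events:
        category = classify_access(ev)
        if category:
            touched[ev["pid"]].add(category)
    return {pid: sorted(cats) for pid, cats in touched.items()
            if len(cats) >= min_categories}


if __name__ == "__main__":
    for pid, cats in suspicious_readers(FILE_ACCESS_EVENTS).items():
        print(f"pid {pid} read credential stores of: {', '.join(cats)}")
```

With the default threshold only pid 4120 is reported, with all three categories; chrome.exe reading its own Login Data is ignored, and backup.exe touching a single FileZilla file only shows up if the threshold is lowered to one category. A real deployment would feed this from Sysmon Event ID 11 or equivalent file-access telemetry and add the Outlook registry keys and other stores AgentTesla is known to target.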