General
Target: file
Size: 928KB
Sample: 210122-adn8h8k2je
MD5: f04a7f12eb665713b0545817d65ca537
SHA1: 15f3109ff7d00ee862c9de1e802ba1917bac5956
SHA256: 5cf1df28a7d2aec8788161592430e5827a0ea5a0b01c0a466013e8c28b81fb65
SHA512: c44750b2235ef7e15dc8bb1c6775894fa4414fda250305d19d0e42adc12dcfd29984a342a7c0eed7f4175526c3c962f1301f59420a6f1100844af3430adabc77
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: file.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: barclays247.com
Port: 587
Username: tombag@barclays247.com
Password: Du_&#[]2y&k*
Targets
Target: file
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext