General
Target: VWHv25hG8krG0oN.exe
Size: 1.1MB
Sample: 210122-kjm8drklgj
MD5: 7f82cfb27071df49570b6218613b886a
SHA1: 494f13242df0d1cfedada1dbf6ca8e47583bce5d
SHA256: bc9bf3135e6e8e2bbe5f345843da0ac33848981d94cbd2dd540606c4397fac0b
SHA512: 47e499b9b645033348ec05ebdb43611bd439080d93ed69e4703b9d4a6f4651125e17a42b98738d6a11ca009fa57059724fde86c4e3bfb51c697c2c2dbb9c3fc3
Static task: static1
Behavioral task: behavioral1 (Sample: VWHv25hG8krG0oN.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: VWHv25hG8krG0oN.exe, Resource: win10v20201028)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.gammavilla.org
Port: 587
Username: info@gammavilla.org
Password: county2018
Targets
Target: VWHv25hG8krG0oN.exe
Size: 1.1MB
Score: 10/10
Detections:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext