General
- Target: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462
- Size: 39KB
- Sample: 210122-pepyjdy6ea
- MD5: 093581879b31e72cb9f58572e92a326b
- SHA1: 79f62189cca9d966bf5fa783f54d6ad9032fe820
- SHA256: 7284ce088723465f101b804f22a27e235f6ae8148dd1120508e3fed43348ed54
- SHA512: 8440c62ca7cb060deea4c96c6957fd59d29c4617acae5b9c6e284caae2610d80ed107bfab765a3c5e010e3744cf6a8b150f633319f8731f142937b05a9a75d6a
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sardaplywood.com
- Port: 587
- Username: superstars@sardaplywood.com
- Password: sup123st45
Targets
- Target: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.26462
- Size: 39KB
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger (an anti-debugging technique)
- Suspicious use of SetThreadContext (commonly associated with code injection)