General
Target: file
Size: 985KB
Sample: 210125-bs8eaprh3a
MD5: 27b3c8dd22bfff02350e742b4cf1a8b0
SHA1: 69c60c67e7b987f75fbf22f21378e62e679d60c1
SHA256: 3728b436ce177b5153e4b5a673d79f2dbf2e377960e35fea9db40bae8ec04618
SHA512: bcc9e051de2d20477e181254c287ac1a85125e1a90420b71171bf4085a9ef452a76924eee53f3dc731a259977f1252b7b09e78d5431e1fbfba512f5e84b05ed0

Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v20201028)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: barclays247.com
Port: 587
Username: [email protected]
Password: Du_&#[]2y&k*
Targets
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext