General
Target: Yu2iMnAJBdOGPyv.exe
Size: 571KB
Sample: 210125-ngstps46rs
MD5: 233d36fdcbfe2e9908434fc8e48034b4
SHA1: 3ece9b158bb00a02bc9c0662e4c36ab0948f9a5f
SHA256: 3bb4ba1af57ec635228b43c11b676612091f37e15b6578fca48e9a14195a9cd5
SHA512: a5cc94f535f7cc2b1e5191a911c90b5343c33ba1d80b4dcc8827855a3f7246e91d7c88f29bd4f60519a8c53f19b6f37b428c307f7fdc0df5268d3ee05acc4ea9
Static task: static1
Behavioral task: behavioral1
  Sample: Yu2iMnAJBdOGPyv.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Yu2iMnAJBdOGPyv.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hybridgroupco.com
Port: 587
Username: [email protected]
Password: Obinna123@@@
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext