General
Target: Wire Confirmation.xz
Size: 3KB
Sample: 210125-xxazc6wq4s
MD5: 6ca201a49dc72d077c7e20cf92557675
SHA1: a3ef92fc74f1839a5902a3ef11c69682744451aa
SHA256: 8a2493326b20d58fea884ac9d6cd9c0d6e30b15d548f35ebb128b7d1236cfae3
SHA512: 0ad12d0b15a58c9305369b1166722c52e57b4e528e576c774d4552edade6d0fad6f34226f5a00003ca5fc2bd9f601f7d1800adf9555e1a38302b388c97cdf76b
Static task: static1
Behavioral task: behavioral1
Sample: Wire Confirmation.bat.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bhajk.com
Port: 587
Username: [email protected]
Password: bhajk@2020
Targets
Target: Wire Confirmation.bat
Size: 8KB
MD5: 7d67129ad4124e186cc27667756b82ce
SHA1: f64a44be28378a316e864d6884b9e096e57259ea
SHA256: 1d556cb3b82b69f208b03e059b22bae43955b42d1ff9d982ad4d15208f7e5896
SHA512: bc757432c8253c32c31da0c31e926b96f3a34b37ad70067be6003f98917f15760116a12a332ea5f2814329ae6890f37839aee958e724d7d512de8b61ff7e6af6
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
Suspicious use of SetThreadContext