General
Target: SecuriteInfo.com.Trojan.DownLoader36.37393.29158.16741
Size: 8KB
Sample: 210126-3apphejby6
MD5: 0ab82854f449517d76898302950817ee
SHA1: ff2a4d25344510b353f28032a9d9c08f81750d11
SHA256: f6d1d069d1d55f689ae9550ca6b7fe88708b6a0db52043ffe0d21bd79ce246c5
SHA512: 1ec65b4b6a926315aa99a30bcabe1f7e3842309fbc2b43dd87291b0d19c37ae16639b797dfc2da7f48702044f194a7f41c789342de1bc31d98e06b1575a44f13
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.DownLoader36.37393.29158.16741.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.DownLoader36.37393.29158.16741.exe
  Resource: win10v20201028
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: mail.owlpk.com
  Port: 587
  Username: [email protected]
  Password: 786owlacc?
Targets
Target: SecuriteInfo.com.Trojan.DownLoader36.37393.29158.16741 (8KB; hashes as listed under General)
Score: 10/10
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext