General
Target: para.exe
Size: 579KB
Sample: 210126-6d6drwdk1s
MD5: 62bba54e2480a62aa5bada1e6ecea897
SHA1: 75c634195e4255a49567ef2d1337e3d5a43bb7d6
SHA256: a08288c2f3f2d382f47a3f5b6e742189280a7a1310bc038c46c3a01f82740390
SHA512: 288a9d04563914bb09872df2522bd01ab599b83b499a074d4c13fae0290346ebc37a13b2e383d8f40fd94750fbe5f6977fc743b55de3169878a7818a8f107621
Static task: static1
Behavioral task: behavioral1 (Sample: para.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: para.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.godforeu.com
Port: 587
Username: [email protected]
Password: O8k#Pz4sk:w_
Targets
Target: para.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext