General
Target: winlog.exe
Size: 678KB
Sample: 210126-ten7wzej1n
MD5: 73e25f09d4c7e66c2f126f49e47154aa
SHA1: 10f9c184b5e5f305a2e866087e0581ef23f32b28
SHA256: 4c197092877ec4d548bdb4a2fb4284bed16b940e701c3123fba0f25eac00664a
SHA512: 598c80a7772d9764698c8e1348e62ff2f270e4bb634f585436882c8a87b026ab043c7f712f49a582458de65032e4a68cd0b217a54ae32458ea728e9cafabbb95
Static task: static1
Behavioral task: behavioral1
  Sample: winlog.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: winlog.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.sistemassg.com
Port: 587
Username: teresa@sistemassg.com
Password: princehero1234
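The extracted configuration is an exfiltration channel, not a download server: the sample authenticates to the attacker's mailbox over SMTP and mails the stolen data to itself. The two checks below are an added example written for this page, not part of the sandbox report: (1) match Sysmon Event ID 3 network-connection records against the C2 host and port, and (2) decode the username from an SMTP AUTH LOGIN or AUTH PLAIN exchange and compare it with the extracted account. The Sysmon records and the SMTP transcript are constructed, and the MAIL_CLIENTS set is an assumption. Note that on port 587 a STARTTLS session hides the AUTH exchange, so the transcript check only works on plaintext sessions or after TLS interception; the connection check is the one that always applies.

```python
import base64
import binascii

# Indicators taken from the extracted Agent Tesla configuration above.
C2_HOST = "smtp.sistemassg.com"
C2_PORT = 587
C2_USER = "teresa@sistemassg.com"

# Processes expected to speak SMTP; anything else reaching the exfil server is
# more alarming, but any connection to the C2 host is reported. Assumed list.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon Event ID 3 records (not real telemetry).
SYSMON_EVENTS = [
    {"Image": r"C:\Users\victim\AppData\Roaming\winlog.exe",
     "DestinationHostname": "smtp.sistemassg.com", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "smtp.sistemassg.com", "DestinationPort": 587},
]

# Constructed plaintext SMTP exchange. The username line is the base64 of the
# extracted account; the password line is a placeholder ("redacted"), not the
# real credential.
SMTP_SESSION = """\
220 smtp.sistemassg.com ESMTP
EHLO DESKTOP-1234
250-AUTH LOGIN PLAIN
AUTH LOGIN
334 VXNlcm5hbWU6
dGVyZXNhQHNpc3RlbWFzc2cuY29t
334 UGFzc3dvcmQ6
cmVkYWN0ZWQ=
235 2.7.0 Authentication successful
MAIL FROM:<teresa@sistemassg.com>
RCPT TO:<teresa@sistemassg.com>
"""


def flag_network(events):
    """Return (image basename, note) for every connection to the C2 host:port."""
    hits = []
    for ev in events:
        if (ev["DestinationHostname"].lower() == C2_HOST
                and int(ev["DestinationPort"]) == C2_PORT):
            proc = ev["Image"].rsplit("\\", 1)[-1].lower()
            note = "mail client" if proc in MAIL_CLIENTS else "non-mail process"
            hits.append((proc, note))
    return hits


def _b64(s):
    try:
        return base64.b64decode(s.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None


def smtp_auth_username(session_text):
    """Recover the username from AUTH LOGIN (with or without initial
    response) or AUTH PLAIN in a plaintext SMTP session, else None."""
    lines = session_text.splitlines()
    for i, line in enumerate(lines):
        parts = line.strip().split()
        if len(parts) < 2 or parts[0].upper() != "AUTH":
            continue
        mech = parts[1].upper()
        if mech == "LOGIN":
            # Either "AUTH LOGIN <b64user>" or the server's "334 VXNlcm5hbWU6"
            # challenge ("Username:") followed by the client's base64 username.
            raw = _b64(parts[2]) if len(parts) > 2 else (
                _b64(lines[i + 2]) if i + 2 < len(lines) else None)
            return raw.decode("utf-8", "replace") if raw else None
        if mech == "PLAIN" and len(parts) > 2:
            raw = _b64(parts[2])
            if raw and raw.count(b"\0") == 2:
                # PLAIN payload is authzid \0 authcid \0 password
                return raw.split(b"\0")[1].decode("utf-8", "replace")
    return None


def triage(events, session_text):
    """Combine both checks into one verdict for an analyst."""
    user = smtp_auth_username(session_text)
    return {
        "network_hits": flag_network(events),
        "smtp_user": user,
        "c2_account_seen": user is not None and user.lower() == C2_USER,
    }


if __name__ == "__main__":
    print(triage(SYSMON_EVENTS, SMTP_SESSION))
```

In production the same matching is better expressed as a SIEM rule keyed on DestinationHostname/DestinationPort, but the AUTH decoding is worth keeping as a pcap post-processing step: it ties a captured session to the exfiltration account even when the connecting process is unknown.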
Targets
Target: winlog.exe
Size: 678KB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
Score: 10/10

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer. It harvests saved credentials from browsers, email clients and FTP clients and exfiltrates them, as in this sample, over SMTP (other builds use FTP or HTTP).

AgentTesla Payload
The unpacked Agent Tesla payload was identified in memory.

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, whose sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla hold saved server credentials.

Reads user/profile data of local email clients
Email clients store account data and saved passwords on disk, where infostealers routinely target them.

Reads user/profile data of web browsers
Infostealers routinely target stored browser data, which can include saved credentials, cookies and autofill entries.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process, typically one created suspended, is the step of process hollowing (RunPE) that redirects execution to an injected payload. Agent Tesla loaders commonly use this to run the decrypted .NET payload inside a legitimate-looking host process, which is why the final payload is found in memory rather than on disk.
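Seen individually, the three "Reads ..." signatures are weak: a browser reads its own Login Data, FileZilla reads its own sitemanager.xml. What distinguishes a credential stealer is one process touching several unrelated credential stores. The following is an added example written for this page, not tooling from the sandbox: it classifies file-access records (EDR or Security 4663-style; the records here are constructed) into the three categories above, discards accesses by the application that owns each store, and flags any process that reaches two or more categories. The path patterns and the owner list are assumptions about common on-disk locations, not data from the report.

```python
import re
from collections import defaultdict

# Assumed locations of the credential stores the report's signatures refer to.
CREDENTIAL_STORES = {
    "ftp_client": [
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
        r"\\WinSCP\.ini$",
    ],
    "email_client": [
        r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
    "web_browser": [
        r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
}
_COMPILED = {cat: [re.compile(p, re.IGNORECASE) for p in pats]
             for cat, pats in CREDENTIAL_STORES.items()}

# Applications allowed to read their own store (assumed list).
OWNERS = {
    "ftp_client": {"filezilla.exe", "winscp.exe"},
    "email_client": {"thunderbird.exe"},
    "web_browser": {"chrome.exe", "firefox.exe"},
}

# Constructed file-read records: (image basename, pid, path). Not real telemetry.
FILE_EVENTS = [
    ("winlog.exe", 4120, r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("winlog.exe", 4120, r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("winlog.exe", 4120, r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json"),
    ("winlog.exe", 4120, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("chrome.exe", 2200, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("filezilla.exe", 3010, r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("winlog.exe", 4120, r"C:\Users\victim\Documents\notes.txt"),
]


def classify(path):
    """Return the credential-store category a path belongs to, or None."""
    for cat, patterns in _COMPILED.items():
        if any(p.search(path) for p in patterns):
            return cat
    return None


def correlate(events, threshold=2):
    """Map (image, pid) -> sorted categories for processes that read stores
    from at least `threshold` distinct categories they do not own."""
    touched = defaultdict(set)
    for image, pid, path in events:
        cat = classify(path)
        if cat is None or image.lower() in OWNERS.get(cat, set()):
            continue
        touched[(image, pid)].add(cat)
    return {k: sorted(v) for k, v in touched.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (image, pid), cats in correlate(FILE_EVENTS).items():
        print(f"{image} (pid {pid}) read credential stores: {', '.join(cats)}")
```

The threshold of two is deliberate: a single category can be explained by a backup agent or a migration tool, while a process that reads FTP, mail and browser stores in one run is behaving exactly like the sample above. Pairing this rule with the SetThreadContext signature (the reading process being a hollowed host rather than winlog.exe itself) covers the case where the image name looks legitimate.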