General
Target: invoice8576758744y585886768.gz
Size: 736KB
Sample: 210127-c9ahg61v1j
MD5: 0c68619c2de85d89febd8c4bb906c7cf
SHA1: 775028bec84df0d125dd2bcbb1e4090331725ead
SHA256: a4aff5f8c86c34108bf9b1692610af47515e71702fd322a9b26185c1588c6a15
SHA512: d223243416ef5753271d63ea3a792137ca066505c2bd825899d4862ea858ba2b0700e65d3f4359b1bebcb3d34cca49dce33884bda724fee4624226d2adbddf93
Static task: static1
Behavioral task: behavioral1
Sample: invoice8576758744y585886768.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: invoice8576758744y585886768.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.curidesigner.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target: invoice8576758744y585886768.exe
Size: 950KB
MD5: ad45cc921094fdbc5856a7ee54406850
SHA1: 05b7efdd1c501acffbe4127503a10a607662ac1a
SHA256: 945999d9b187860e792638380ae759e662bb81cef727ef9d223dcd77564c9b26
SHA512: d16e2d46c9fbc2a1326455f100fac73b221b88f45f03b1797c7d7bdd6eca0807c37880208d26cf751d23dc885fa1c846a90b1a93a704c162f8a63bfac7e66e6c
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar material.
Suspicious use of SetThreadContext