General

Target: 1826ed782d8e1c75f78af11d0b6f4aa8.exe
Size: 350KB
Sample: 210129-758k4cx996
MD5: 1826ed782d8e1c75f78af11d0b6f4aa8
SHA1: a89ec7b3043788631ea7bc020d25f8b04cbef04b
SHA256: 7ad5f3508b81721b131500d8ff7d58f8d61605bb9a7da02e993882c38fa790fe
SHA512: fccc0d17805126c2caf183b7a50e11ee6433862fcacad48cdb8d2655f0a3046364a872f82f78d0adeaa0a1412e73b64ef438f64403a8135bb3e45a0ace244403
Static task: static1

Behavioral task: behavioral1
Sample: 1826ed782d8e1c75f78af11d0b6f4aa8.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 1826ed782d8e1c75f78af11d0b6f4aa8.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: polar.argondns.net
Port: 587
Username: [email protected]
Password: ]4&w8LUz9*LT
Targets

Target: 1826ed782d8e1c75f78af11d0b6f4aa8.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext