General
Target: 06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f.exe
Size: 1.2MB
Sample: 210130-9wy2c2j6jj
MD5: 67090c3017090c2fb7f2ad1c67d2081e
SHA1: 57b4f770dc884d5aad353413a2ba892cc26e015c
SHA256: 06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f
SHA512: cb2b7b73b5497b11eb71dfb92ab22567145a6f603b6b046515b0f9e1fd15bae0afdcc6d2bf6dac5e73e15b7a46c1246e8c27eafcc0f80a05128681dc097e0335
Static task: static1

Behavioral task: behavioral1
Sample: 06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f.exe
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.softg.com.ng/
Port: 21
Username: [email protected]
Password: wealth@123455@@
Targets
Target: 06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f.exe
Size: 1.2MB
MD5: 67090c3017090c2fb7f2ad1c67d2081e
SHA1: 57b4f770dc884d5aad353413a2ba892cc26e015c
SHA256: 06ab3bdeae92bc8dceb7b2c99ba9d65087b1b1e9d3b6aa3abbade809259e677f
SHA512: cb2b7b73b5497b11eb71dfb92ab22567145a6f603b6b046515b0f9e1fd15bae0afdcc6d2bf6dac5e73e15b7a46c1246e8c27eafcc0f80a05128681dc097e0335
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext