General

Target: cceb139330512f9c7820a18f87b89062.exe
Size: 1.7MB
Sample: 210215-8m3g3rhssa
MD5: cceb139330512f9c7820a18f87b89062
SHA1: e7fb7ee6e060b98b8e5823490aea1015798406fd
SHA256: b045b7b993b005e1930ca50a9eb65df8b62ca29d1dfdbbb28ca6621384172908
SHA512: 5594cf5903b58c934ee33c2421e9256a0c5f452d1a9e2521d7ad02b36560fda37caf1f2a637628673273295ccb5303dd6faac4cc3db6ad7f17059998d8700d49
Static task: static1

Behavioral task: behavioral1
Sample: cceb139330512f9c7820a18f87b89062.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: cceb139330512f9c7820a18f87b89062.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: Dollarbills1234
Targets

Target: cceb139330512f9c7820a18f87b89062.exe
Size: 1.7MB
MD5: cceb139330512f9c7820a18f87b89062
SHA1: e7fb7ee6e060b98b8e5823490aea1015798406fd
SHA256: b045b7b993b005e1930ca50a9eb65df8b62ca29d1dfdbbb28ca6621384172908
SHA512: 5594cf5903b58c934ee33c2421e9256a0c5f452d1a9e2521d7ad02b36560fda37caf1f2a637628673273295ccb5303dd6faac4cc3db6ad7f17059998d8700d49
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext