General
- Target: 9a041438adec53ed9e8f6ed3b2eb709b.exe
- Size: 661KB
- Sample: 210226-lgjmcc8mvx
- MD5: 9a041438adec53ed9e8f6ed3b2eb709b
- SHA1: dbabb8cb2b96c4e4cc4006084ebd3918e48c5cfb
- SHA256: bb8889ec467fc276ee609b20f9f321dbd97b0bdba919bbf9e38f7d8d7517ed2b
- SHA512: 4766bf1e508b0397f8b936a5a1b8fef2b63091f2b204953c32a4db4b80dd8624c77d58500f1b003bb0d888296d7156ce9ff5b0298843ee4b4501895e4c30cbe6
Static task: static1
Behavioral task: behavioral1
- Sample: 9a041438adec53ed9e8f6ed3b2eb709b.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 9a041438adec53ed9e8f6ed3b2eb709b.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.konokonozanzibar.com
- Port: 587
- Username: [email protected]
- Password: Kk20@All
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext