General
- Target: payment to new bank account.exe
- Size: 447KB
- Sample: 200624-w1qj7mvtze
- MD5: 783f004a10ee4968177781da7c16afe6
- SHA1: 86ba9ef1a91abf63cf9a3c6bcc7a67fa37e3494e
- SHA256: 5a9f5848c0305a43cf26c3776ed1d4683fbc9d2f59349cd741efe792313affaa
- SHA512: 9c3f1f4234691671b3852380feff86462675cc6c1c855ab2ed1cd0f6e83d6ca0bb377589df9b0af74211bf0046034cc59a30871931d51d1bfae6b2750a4845d3
Static task: static1
Behavioral task: behavioral1
- Sample: payment to new bank account.exe
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: payment to new bank account.exe
- Resource: win10
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: millersolomonjaja@yandex.ru
- Password: solomon12345$$$1
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext