General
Target: J636O1HwRb7NUme.exe
Size: 413KB
Sample: 200630-19s1jexqrj
MD5: 7d92069a9a8ac8a672b62b5310b05f92
SHA1: 1e29d1d7e9ab44ef51363715256230ac762df94f
SHA256: 19431ff59946eae2bff6bd9ab5dde7fe6cf57495e2ffa388c92544e24f8f77f1
SHA512: f6d82ecf8c02c5eaa9f4479dbdf6e7f0f94678ab28f67df89e7c6bba182e01a5ab50ed53bbb613098a55dbe26aec6e5668a8f71fa6fb78591504704be950f99b
Static task: static1
Behavioral task: behavioral1 (Sample: J636O1HwRb7NUme.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: J636O1HwRb7NUme.exe, Resource: win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: ethan.georgegeorge@yandex.com
Password: Megamoney002
Targets
Target: J636O1HwRb7NUme.exe
Size: 413KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar data.
- Suspicious use of SetThreadContext