General
Target: 978905601.msi
Size: 464KB
Sample: 200630-28j3bns2ve
MD5: f2eaec2d18d76621ed844a1877dc360f
SHA1: dde6b3b51bb85fcc964201b6cdb183ca9704b81c
SHA256: 15c7aaf96e773849126a63a0c6b567cd27825fe56ebe262098dc56c69432b531
SHA512: 9f37b6f8a924bb68a72c5b94cd497e9fb729878fa8239f60a7dbff11068b40fb98db487fb4111201542478e0244e1d8e17cc3a3ab03230bc486b65bf2863f712
Static task: static1
Behavioral task: behavioral1 (sample: 978905601.msi, resource: win7v200430)
Behavioral task: behavioral2 (sample: 978905601.msi, resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: baso.elcx@yandex.com
Password: HYF76io83%$6
Targets
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, etc.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext