General

Target: HS1-1909260019.exe
Size: 470KB
Sample: 200630-4wbg1xn24e
MD5: 62197aa1ffa130ee799d16ab8f155fe8
SHA1: 6701022c36cdfb257ba1d6f035d32491184872d1
SHA256: 8d8a182ec1056ddb74380d90ce73b3f14fc7cf119d8b1902bdd31de2dcf8c47e
SHA512: 405eeb6ddc7ff16719148375e18ac99b0e2f1a391db6d778e054c0ee182930e843378fec3adc6681eb7090812a4915628626e844440e0553e24ee8558341a9c1
Static task: static1

Behavioral task: behavioral1
  Sample: HS1-1909260019.exe
  Resource: win7v200430

Behavioral task: behavioral2
  Sample: HS1-1909260019.exe
  Resource: win10v200430
Malware Config

Extracted: agenttesla (reported twice with identical values)
  Protocol: smtp
  Host: mail.cabseal.com
  Port: 587
  Username: office@cabseal.com
  Password: off@cabseal_2018
Targets

Target: HS1-1909260019.exe
Size: 470KB
MD5: 62197aa1ffa130ee799d16ab8f155fe8
SHA1: 6701022c36cdfb257ba1d6f035d32491184872d1
SHA256: 8d8a182ec1056ddb74380d90ce73b3f14fc7cf119d8b1902bdd31de2dcf8c47e
SHA512: 405eeb6ddc7ff16719148375e18ac99b0e2f1a391db6d778e054c0ee182930e843378fec3adc6681eb7090812a4915628626e844440e0553e24ee8558341a9c1
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic).

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, which store saved server credentials on disk.

Reads user/profile data of local email clients
Email clients store some user data (account settings and saved credentials) on disk, where infostealers often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's register state. Malware commonly pairs it with WriteProcessMemory to redirect a suspended process into injected code (process hollowing), so this signature is worth correlating with the process-creation events of the run.
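The following is an added example and is not part of the report or the sandbox vendor's tooling. It takes the indicators above (the four file hashes and the extracted SMTP exfiltration endpoint) and turns them into something a responder can run: a parser for the config exactly as the report renders it, a hash check for a suspect file, and a sweep over connection logs for traffic to the exfil host. The connection-log format and its lines are constructed for the example; adapt the field split to whatever your proxy or Zeek output looks like.

```python
import hashlib
import re

# Indicators copied from the report above: the sample's digests and the
# SMTP exfiltration endpoint pulled from the Agent Tesla configuration.
SAMPLE_HASHES = {
    "md5": "62197aa1ffa130ee799d16ab8f155fe8",
    "sha1": "6701022c36cdfb257ba1d6f035d32491184872d1",
    "sha256": "8d8a182ec1056ddb74380d90ce73b3f14fc7cf119d8b1902bdd31de2dcf8c47e",
    "sha512": "405eeb6ddc7ff16719148375e18ac99b0e2f1a391db6d778e054c0ee182930e843378fec3adc6681eb7090812a4915628626e844440e0553e24ee8558341a9c1",
}

# The extracted config exactly as the report renders it (line breaks and
# stray "-" separators included); the parser below normalises that layout.
RAW_CONFIG = """Protocol: smtp- Host:
mail.cabseal.com - Port:
587 - Username:
office@cabseal.com - Password:
off@cabseal_2018"""


def parse_agenttesla_config(text: str) -> dict:
    """Turn the report's 'Key: value - Key: value' rendering into a dict.

    Whitespace is collapsed first so the pairs the page splits across lines
    are rejoined; keys are lower-cased and the port is converted to an int.
    """
    flat = " ".join(text.split())
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)", flat)
    cfg = {key.lower(): value for key, value in pairs}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, for a file's contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes) -> dict:
    """Per algorithm, whether the given bytes match the reported sample."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == expected for algo, expected in SAMPLE_HASHES.items()}


# Constructed connection log for the example (not from the report).
# Field layout assumed here: "timestamp src dst_host dst_port proto".
SAMPLE_CONN_LOG = """\
2020-06-30T14:02:11Z 10.0.0.25 mail.cabseal.com 587 tcp
2020-06-30T14:02:13Z 10.0.0.25 update.example.com 443 tcp
2020-06-30T14:05:40Z 10.0.0.31 MAIL.cabseal.com 25 tcp
2020-06-30T14:06:02Z 10.0.0.44 smtp.example.net 587 tcp
"""


def find_exfil_connections(log_text: str, cfg: dict) -> list:
    """Flag every connection to the configured exfil host.

    Any contact with the extracted host is reported, whatever the port;
    whether the port also matches the config is recorded separately so the
    exact SMTP submission hits can be triaged first.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # skip blank or malformed lines
        ts, src, dst_host, dst_port, _proto = parts[:5]
        if dst_host.lower() != cfg["host"].lower():
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "port": int(dst_port),
            "port_matches_config": int(dst_port) == cfg["port"],
        })
    return hits


if __name__ == "__main__":
    config = parse_agenttesla_config(RAW_CONFIG)
    print("parsed config:", config)
    for hit in find_exfil_connections(SAMPLE_CONN_LOG, config):
        print("exfil candidate:", hit)
    # For a real file on disk: matches_sample(open(path, "rb").read())
```

Matching on the host rather than on host plus port is deliberate: the extracted credentials only work against mail.cabseal.com, so any client in the estate talking to that host deserves a look, and the port flag separates the likely exfil sessions (587) from the rest. Note that the same credentials also appear in the sandbox's second behavioral run, so the mail account itself (office@cabseal.com) is a stable indicator for SMTP AUTH logs as well.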