General

Target: Recibo del envío.exe
Size: 1015KB
Sample: 200630-5akn487dtn
MD5: fb6f39487961ff0ab1772bae6eec5704
SHA1: d5ba16fd8e51397a19c24c20c022a62f4d8637d7
SHA256: 664b69b27e77e1458d7fff94e384830b0e6e63b29d3ca5a3babf07c942333b5f
SHA512: 4fb8a1b2d44043c2e703e1d829623f39abb05856fe45cbcc734114364c01eae50bbefb0c2ddd57f86dccc7f983522b2f1a93d7d6950cfd8f1a0e1b6c482fc683
Static task: static1

Behavioral task: behavioral1
Sample: Recibo del envío.exe
Resource: win7

Behavioral task: behavioral2
Sample: Recibo del envío.exe
Resource: win10v200430
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: es.cajamar@yandex.com
Password: Universe2830
Targets

Target: Recibo del envío.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext