General
- Target: PO#8434223.exe
- Size: 656KB
- Sample: 200630-8xq9jvawga
- MD5: 61356bd5db7975da21da4bda24adce56
- SHA1: be07eab48cf6fbe157b66b73c4ffabe8a5a20841
- SHA256: 81017d8c509a860f8c0181a8e7a33c1c6fd27e69d995a734ede171e4b999da81
- SHA512: 2c929c689e2711370e566aceaa1067f1acbbad1f02a6a5e504d7bcb0872eba0b3855091c2f11164af0ad85338da6c83b81e22c0740252e49546710e52e68072f
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: PO#8434223.exe, Resource: win7)
- Behavioral task: behavioral2 (Sample: PO#8434223.exe, Resource: win10)
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.unalanguvenlik.com
- Port: 587
- Username: alora@unalanguvenlik.com
- Password: 8sA#~nXVoIjH
Targets
- Target: PO#8434223.exe
- Size: 656KB
- MD5: 61356bd5db7975da21da4bda24adce56
- SHA1: be07eab48cf6fbe157b66b73c4ffabe8a5a20841
- SHA256: 81017d8c509a860f8c0181a8e7a33c1c6fd27e69d995a734ede171e4b999da81
- SHA512: 2c929c689e2711370e566aceaa1067f1acbbad1f02a6a5e504d7bcb0872eba0b3855091c2f11164af0ad85338da6c83b81e22c0740252e49546710e52e68072f
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext