General
- Target: a44c19ade0a232bea5617b7d512217fa.exe
- Size: 688KB
- Sample: 200630-9cm983agp6
- MD5: a44c19ade0a232bea5617b7d512217fa
- SHA1: 91f2f90bf2d0d32172b207d32bc36b08ca0a44be
- SHA256: a4c70297087ab9d2ba1dfa7452273fdf66295bf4ab7fa001e04841a9dd8c02ef
- SHA512: c9769773cd7228d231cffece61a827051826b6a7670fc4d9923c3ee9f06a42d01944583ea035b325e58b0ddd3defab064239db77e7e4125a68de0ce7a998f94c
Static task: static1
Behavioral task: behavioral1
- Sample: a44c19ade0a232bea5617b7d512217fa.exe
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: a44c19ade0a232bea5617b7d512217fa.exe
- Resource: win10
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.vibrantford.co.in
- Port: 587
- Username: commercial@vibrantford.co.in
- Password: Sguda@1
Targets
- Target: a44c19ade0a232bea5617b7d512217fa.exe
- Size: 688KB
- MD5: a44c19ade0a232bea5617b7d512217fa
- SHA1: 91f2f90bf2d0d32172b207d32bc36b08ca0a44be
- SHA256: a4c70297087ab9d2ba1dfa7452273fdf66295bf4ab7fa001e04841a9dd8c02ef
- SHA512: c9769773cd7228d231cffece61a827051826b6a7670fc4d9923c3ee9f06a42d01944583ea035b325e58b0ddd3defab064239db77e7e4125a68de0ce7a998f94c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Suspicious use of SetThreadContext