General
- Target: Order purchase list.exe
- Size: 402KB
- Sample: 200630-9rmw8xq2gj
- MD5: 4a772b183e9988be868319c441faf55e
- SHA1: b908a4ca5925548e62d8bbf194de7ca0b47d62e7
- SHA256: 9add2a18d24644570fc7a754eb3e72052ada8d540bd23be205eb501bf3f02a31
- SHA512: 4e2183ff85adcd407fd5f411f4d1e1f74c51b3034223533094e4b6279e710f961e91e0e7be528441dc771df334b84f8c2a4520823e647e84c62e219b914b0f7f
Static task
- static1

Behavioral task
- behavioral1
- Sample: Order purchase list.exe
- Resource: win7

Behavioral task
- behavioral2
- Sample: Order purchase list.exe
- Resource: win10
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.sensar-light.com
- Port: 587
- Username: sale6@sensar-light.com
- Password: chibuike12345@@@@@
Targets
- Target: Order purchase list.exe
- Size: 402KB
- MD5: 4a772b183e9988be868319c441faf55e
- SHA1: b908a4ca5925548e62d8bbf194de7ca0b47d62e7
- SHA256: 9add2a18d24644570fc7a754eb3e72052ada8d540bd23be205eb501bf3f02a31
- SHA512: 4e2183ff85adcd407fd5f411f4d1e1f74c51b3034223533094e4b6279e710f961e91e0e7be528441dc771df334b84f8c2a4520823e647e84c62e219b914b0f7f
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar.
- Suspicious use of SetThreadContext