General
-
Target
CI, PL & Draft BL.scr
-
Size
548KB
-
Sample
200630-bbdtdjj876
-
MD5
e1b0c67785b827e7d33c6150dbd2f199
-
SHA1
1d8fdd7eb1c87fb8b04bd1e3384f5d27e46ba307
-
SHA256
dd094a53acb45fb8c7ad5b00763b86703e63a2c1382a0711405a3b8aab68753d
-
SHA512
581b94f4c67b9569e449eba88212ab17ff4293f96acf523bbcc50b4fbe3d2b5005276781d493999192a0018c5a449cf2c91fe5e41924a9db89cb6900a5b26428
Static task
static1
Behavioral task
behavioral1
Sample
CI, PL & Draft BL.scr
Resource
win7v200430
Behavioral task
behavioral2
Sample
CI, PL & Draft BL.scr
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: st.edwardsg@yandex.com
Password: !A%R,@%rUjmP
(This is the attacker's drop mailbox, not a victim account: outbound connections to smtp.yandex.com:587 from a process that is not a mail client, or SMTP AUTH as this username, are the network indicators for this sample.)
Targets
-
Target
CI, PL & Draft BL.scr
-
Score 10/10
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT) that harvests saved credentials from browsers, mail clients and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample is configured for SMTP.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a suspended thread is the step in process hollowing (RunPE) that redirects execution into an injected payload; packed .NET stealers such as Agent Tesla commonly unpack into a second process this way, so the process that reads the credential stores may not be the one that was launched.
-
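The extracted SMTP configuration and the behavioural signatures above give a host and a network indicator each; the following script, an added example and not part of the sandbox report, correlates the two per process. It assumes constructed telemetry records (one per file open or outbound connection), an assumed allow-list of mail client process names, and the usual on-disk locations of the FileZilla, Thunderbird, Firefox and Chromium credential stores; the exfiltration host and port are taken from the report's extracted config.

```python
import re
from collections import defaultdict

# Added example, not part of the sandbox report. Indicators are taken from the
# report's extracted config and behaviour signatures; the EVENTS records below
# are constructed for illustration.

# Exfiltration endpoint from the extracted Agent Tesla config.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Processes assumed to legitimately speak SMTP to a mail provider.
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}

# Credential stores the report says the sample reads, with the processes
# that own them (usual on-disk locations, matched on the path tail).
CREDENTIAL_STORES = {
    "ftp_client": (
        re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
        {"filezilla.exe"},
    ),
    "email_client": (
        re.compile(r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I),
        {"thunderbird.exe"},
    ),
    "browser": (
        re.compile(
            r"\\(Chrome|Edge)\\User Data\\.*\\(Login Data|Cookies)$"
            r"|\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db)$",
            re.I,
        ),
        {"chrome.exe", "msedge.exe", "firefox.exe"},
    ),
}

SAMPLE = r"C:\Users\victim\AppData\Local\Temp\CI, PL & Draft BL.scr"

# Constructed telemetry: the sample's behaviour plus benign noise from the
# applications that own the stores and a real mail client using the provider.
EVENTS = [
    {"type": "file", "image": SAMPLE,
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file", "image": SAMPLE,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "image": SAMPLE,
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json"},
    {"type": "net", "image": SAMPLE, "dst_host": EXFIL_HOST, "dst_port": 587},
    {"type": "file", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "net", "image": r"C:\Program Files\Mozilla Thunderbird\thunderbird.exe",
     "dst_host": EXFIL_HOST, "dst_port": 587},
]


def basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def credential_store_reads(events):
    """Yield (image, store_kind, path) for every read of a credential store by
    a process that is not the application owning that store."""
    for ev in events:
        if ev["type"] != "file":
            continue
        for kind, (pattern, owners) in CREDENTIAL_STORES.items():
            if pattern.search(ev["path"]) and basename(ev["image"]) not in owners:
                yield ev["image"], kind, ev["path"]


def exfil_connections(events):
    """Yield images that connect to the configured SMTP drop host without
    being a known mail client."""
    for ev in events:
        if (ev["type"] == "net" and ev["dst_host"] == EXFIL_HOST
                and ev["dst_port"] == EXFIL_PORT
                and basename(ev["image"]) not in MAIL_CLIENTS):
            yield ev["image"]


def triage(events):
    """Correlate per process: reading two or more kinds of credential store and
    then contacting the drop host reproduces the report's verdict; anything
    partial is only flagged as suspicious."""
    findings = defaultdict(lambda: {"stores": set(), "exfil": False})
    for image, kind, _ in credential_store_reads(events):
        findings[image]["stores"].add(kind)
    for image in exfil_connections(events):
        findings[image]["exfil"] = True
    return {
        image: "agenttesla-like" if f["exfil"] and len(f["stores"]) >= 2 else "suspicious"
        for image, f in findings.items()
    }


if __name__ == "__main__":
    for image, verdict in triage(EVENTS).items():
        print(f"{verdict}: {image}")
```

Matching on the owning process rather than on the path alone is what keeps the benign records out: Chrome opening its own Login Data and Thunderbird talking to smtp.yandex.com are normal, the same actions from a screensaver in %TEMP% are not. Because the report also notes SetThreadContext, in real telemetry the image to correlate on may be the hollowed child rather than the .scr itself.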