General
- Target: swift 000394893903_06-30-2020.exe
- Size: 447KB
- Sample: 200630-btafsa7qpx
- MD5: 6f91140fa0d68de6d62259cba6589a8e
- SHA1: 255bfe754cd1ae48f374d073f97fc1499edc0ec2
- SHA256: 5e75bcc407b1263e3d3d72f2262d16a48b456103c9078eeff72159c29800eaf9
- SHA512: 4143779ff0576e7996b49f0cf54746fdccdbc2022e9179a20b5b95d884c3d66af0b9c0b27d5ea6f8b39c99701eba501edc0c40bb8a3ba316de026356b0108310
Static task: static1
Behavioral task: behavioral1
- Sample: swift 000394893903_06-30-2020.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: swift 000394893903_06-30-2020.exe
- Resource: win10v200430
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.protege.com.mx
- Port: 587
- Username: veronica.serrato@protege.com.mx
- Password: se*-V
Targets
- Target: swift 000394893903_06-30-2020.exe (size and hashes as listed under General)
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext