General
- Target: yyyyyy.exe
- Size: 942KB
- Sample: 200630-en8nwt32vx
- MD5: ad520c8794875fc5dfa4e5db1f97b634
- SHA1: 9b99a679b1d0df84f4f634ff16a182ee6086b44b
- SHA256: b58248fcc771ae21b12857d72462c26ae30f3234bd5095986079c7b807791fa6
- SHA512: b6792047c99a31e6d60f057f2b7b18a517fe97e7c55cdb510aa2344df283a6a5da0242887600a90fe1a6b9459fa424faeb4a6fb424fa6e3298b8ad378b428a13
Static task: static1
Behavioral task: behavioral1
- Sample: yyyyyy.exe
- Resource: win7v200430
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.materialsmiquel.com
- Port: 587
- Username: antoni@materialsmiquel.com
- Password: fa5pEpewrE8a
Targets
- Target: yyyyyy.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Suspicious use of SetThreadContext