General
Target: Payment Notification.exe
Size: 609KB
Sample: 200630-hsz9ekykts
MD5: cf0e7eab0b481b19ddae9e91da7f33bf
SHA1: 6cdb55e9de8e6ff1f5908ecdfe9acf78e6f9f507
SHA256: 97877280bba9500fb1cb5d466a66337ff281c278339b089bcb661bbb342adcf1
SHA512: 94f3e513878bd66e7d52bf34b6089ba5ed3fce558fcf154a29023f3b447d9b1d75db51edf0bb01970a1d25ed7ce1cc11fd210af9f567559292cc379fc95290ec
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Notification.exe; Resource: win7)
Behavioral task: behavioral2 (Sample: Payment Notification.exe; Resource: win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: logsdetails0@yandex.com
Password: Hunter$#@145722
Port 587 is the authenticated SMTP submission port, so the stolen data leaves the victim as ordinary outbound mail to a public webmail provider; the account above is the operator's drop box, and the host, port and username are the durable network indicators for this build.
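The following is an added detection example written for this page; it is not code from the sandbox or from the malware. It takes the host, port and username from the extracted config as indicators, flags matching SMTP submissions in a log, adds a lower-confidence heuristic for other builds of the same family (the stealer mails itself, with a report-style subject prefix such as PW_ or KL_), and recovers the account name from an AUTH LOGIN exchange in a session transcript, since the username is only base64-encoded on the wire. The tab-separated log format, its column order, and the session transcript are constructed for illustration, and the subject-prefix convention is an assumption about the build.

```python
"""Detection logic for the SMTP exfiltration channel in the extracted
AgentTesla config. Added example for this page, not sandbox or malware code.
The log format and the session transcript below are constructed."""
from __future__ import annotations

import base64
from dataclasses import dataclass

# Indicators taken from the extracted config on this page. The password is
# deliberately left out: it is not needed to detect the channel.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
EXFIL_USER = "logsdetails0@yandex.com"

# Subject prefixes Agent Tesla uses for its report types
# (PW_ credentials, KL_ keylog, SC_ screenshot, CO_ cookies).
# Assumption: the build in question follows the same convention.
SUBJECT_PREFIXES = ("PW_", "KL_", "SC_", "CO_")


@dataclass
class Alert:
    src_ip: str
    reason: str
    confidence: str  # "high" (exact IOC) or "medium" (behavioural heuristic)


def parse_smtp_log(text: str) -> list[dict]:
    """Parse a constructed, tab-separated SMTP connection log.
    Assumed columns: ts, src_ip, src_port, dst_host, dst_port, mailfrom, rcptto, subject."""
    fields = ["ts", "src_ip", "src_port", "dst_host", "dst_port", "mailfrom", "rcptto", "subject"]
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue  # skip malformed lines instead of aborting the whole scan
        row = dict(zip(fields, parts))
        row["dst_port"] = int(row["dst_port"])
        rows.append(row)
    return rows


def detect_exfil(rows: list[dict]) -> list[Alert]:
    """Return one Alert per log row that looks like Agent Tesla SMTP exfiltration."""
    alerts = []
    for r in rows:
        # Exact IOC match: submission to the configured server with the configured account.
        if (r["dst_host"].lower() == EXFIL_HOST and r["dst_port"] == EXFIL_PORT
                and r["mailfrom"].lower() == EXFIL_USER):
            alerts.append(Alert(r["src_ip"], f"mailfrom {EXFIL_USER} to {EXFIL_HOST}:{EXFIL_PORT}", "high"))
            continue
        # Heuristic for other builds: the stealer mails itself (mailfrom == rcptto)
        # over a mail port with a report-style subject. Expect some tuning on real data.
        if (r["dst_port"] in (25, 465, 587) and r["mailfrom"].lower() == r["rcptto"].lower()
                and r["subject"].startswith(SUBJECT_PREFIXES)):
            alerts.append(Alert(r["src_ip"], f"self-addressed mail with subject {r['subject']!r}", "medium"))
    return alerts


def auth_login_username(session: str) -> str | None:
    """Recover the username from an SMTP AUTH LOGIN exchange in a transcript:
    the client's base64 line that follows the server's '334 VXNlcm5hbWU6'
    ("Username:") challenge. Returns None if no such exchange is present."""
    lines = session.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("S: 334 VXNlcm5hbWU6") and i + 1 < len(lines):
            token = lines[i + 1].removeprefix("C: ").strip()
            try:
                return base64.b64decode(token, validate=True).decode()
            except (ValueError, UnicodeDecodeError):
                return None
    return None


# Constructed log: one exact IOC hit, one heuristic hit, one benign submission.
SAMPLE_LOG = (
    "1593500100\t10.0.0.5\t49812\tsmtp.yandex.com\t587\tlogsdetails0@yandex.com\tlogsdetails0@yandex.com\tPW_alice/DESKTOP-1A2B\n"
    "1593500200\t10.0.0.9\t50020\tsmtp.example.net\t587\tdrop@example.net\tdrop@example.net\tKL_bob/WS-07\n"
    "1593500300\t10.0.0.7\t50100\tsmtp.example.net\t587\tbob@example.net\tcarol@example.org\tQ3 report\n"
)

# Constructed client/server transcript of the AUTH LOGIN step (password token omitted).
SAMPLE_SESSION = (
    "C: EHLO DESKTOP-1A2B\n"
    "C: AUTH LOGIN\n"
    "S: 334 VXNlcm5hbWU6\n"
    "C: bG9nc2RldGFpbHMwQHlhbmRleC5jb20=\n"
    "S: 334 UGFzc3dvcmQ6\n"
    "C: <password token omitted>\n"
)

if __name__ == "__main__":
    for alert in detect_exfil(parse_smtp_log(SAMPLE_LOG)):
        print(alert)
    print("AUTH LOGIN user:", auth_login_username(SAMPLE_SESSION))
```

The exact-IOC rule is the one to deploy first for this sample; the self-addressed-mail heuristic catches rebuilt variants with a different drop account but will need tuning against legitimate automated mail in your environment.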
Targets
Target: Payment Notification.exe
Size: 609KB
MD5: cf0e7eab0b481b19ddae9e91da7f33bf
SHA1: 6cdb55e9de8e6ff1f5908ecdfe9acf78e6f9f507
SHA256: 97877280bba9500fb1cb5d466a66337ff281c278339b089bcb661bbb342adcf1
SHA512: 94f3e513878bd66e7d52bf34b6089ba5ed3fce558fcf154a29023f3b447d9b1d75db51edf0bb01970a1d25ed7ce1cc11fd210af9f567559292cc379fc95290ec
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); most builds are written in VB.NET or C#. It harvests saved credentials from browsers, email and FTP clients and sends them to the operator over SMTP, FTP or HTTP.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: characteristic of process hollowing (RunPE), where a child process is created suspended, its image is replaced with the payload, and its thread context is rewritten to start executing the injected code; loaders that deliver Agent Tesla commonly use this so the stealer runs under the name of a legitimate process.