General
Target: 200004396.exe
Size: 399KB
Sample: 200630-qgm5gp9zmx
MD5: 7e90e5f5106e876f9f080b224cbc069d
SHA1: 8e52b1163bcc86538aa8beb66166cba9c1ee426c
SHA256: 7ac2dee76520e25a21918a6ee79eedaf1a9de51aaee643d21d9cf6346451555e
SHA512: 4f60c309c6abb4757b68261736a4ab0eb14252316ee673e872080c323a89be6761139b0e95fdafdc8eb05e14a99aa74d21c735a35182f808fcb76f3eb12f2d0f
Static task: static1
Behavioral task: behavioral1 (Sample: 200004396.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: 200004396.exe, Resource: win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: f.grac3@yandex.ru
Password: HYBRID@@@
Targets
Target: 200004396.exe
Size: 399KB
MD5: 7e90e5f5106e876f9f080b224cbc069d
SHA1: 8e52b1163bcc86538aa8beb66166cba9c1ee426c
SHA256: 7ac2dee76520e25a21918a6ee79eedaf1a9de51aaee643d21d9cf6346451555e
SHA512: 4f60c309c6abb4757b68261736a4ab0eb14252316ee673e872080c323a89be6761139b0e95fdafdc8eb05e14a99aa74d21c735a35182f808fcb76f3eb12f2d0f
Score: 10/10
Signatures:
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext