General

Target: 2020060308611765434567.exe
Size: 426KB
Sample: 200630-w6yx2d1rls
MD5: 73879715ca072971d061ab4a227a649c
SHA1: ceb47d58621b19e04ae737f12ad71f1b2ff5ebf5
SHA256: d9db86325cb63915a31775ab7b78f14802fa077e3aed9122f0fb03e9f39d05f2
SHA512: 1be81a26cb07a2904b3defc3b3feae63a57ea0e757671fc90147428803d8f286ff1d6e48ddb160bf11b6b569fcef7c8b376d7b5c7c04f77c1ada75c2847791b7
Static task: static1
Behavioral task: behavioral1 (sample 2020060308611765434567.exe, resource win7)
Behavioral task: behavioral2 (sample 2020060308611765434567.exe, resource win10v200430)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: gb@ronodo-online.com
Password: mmm777

This is the exfiltration channel: the sample authenticates to this mailbox over SMTP submission (port 587) with the credentials above and mails the harvested data to it. The hostname, port and account are the network indicators worth hunting for; the password is useful for an abuse report to the mail provider, not for logging in.
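The following is an added example, not part of the sandbox report, showing how the extracted SMTP configuration above can be turned into indicators and run over network telemetry. It assumes Zeek-style JSON records (dns, conn and smtp paths), an internal address range of 10.0.0.0/8 and 192.168.0.0/16, and a sanctioned relay at 10.0.0.5; the log records and all IP addresses are constructed for the example and are not real resolutions of the C2 host.

```python
import ipaddress

# Extracted configuration as listed in this report: AgentTesla exfiltrates over SMTP.
AGENTTESLA_SMTP_CONFIG = {
    "protocol": "smtp",
    "host": "mail.privateemail.com",
    "port": 587,
    "username": "gb@ronodo-online.com",
    "password": "mmm777",  # kept for completeness; useful for an abuse report, never for logging in
}

# Assumed: the organisation's own address space and its sanctioned mail relay.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
CORPORATE_RELAYS = {"10.0.0.5"}

# Constructed Zeek-style JSON records (dns, conn, smtp). Addresses come from
# documentation ranges; they are not real resolutions of the C2 hostname.
SAMPLE_LOGS = [
    {"_path": "dns", "id.orig_h": "10.0.0.15", "query": "mail.privateemail.com",
     "answers": ["203.0.113.25"]},
    {"_path": "conn", "id.orig_h": "10.0.0.15", "id.resp_h": "203.0.113.25",
     "id.resp_p": 587, "service": "smtp"},
    {"_path": "smtp", "id.orig_h": "10.0.0.15", "id.resp_h": "203.0.113.25",
     "mailfrom": "gb@ronodo-online.com", "rcptto": ["gb@ronodo-online.com"]},
    {"_path": "conn", "id.orig_h": "10.0.0.22", "id.resp_h": "10.0.0.5",
     "id.resp_p": 587, "service": "smtp"},          # benign: corporate relay
    {"_path": "conn", "id.orig_h": "10.0.0.31", "id.resp_h": "198.51.100.7",
     "id.resp_p": 587, "service": "smtp"},          # unknown external relay
    {"_path": "dns", "id.orig_h": "10.0.0.22", "query": "www.example.com",
     "answers": ["93.184.216.34"]},                  # benign lookup
]


def build_iocs(config):
    """Static indicators taken straight from the extracted config."""
    return {
        "hosts": {config["host"].lower()},
        "accounts": {config["username"].lower()},
        "ports": {int(config["port"])},
    }


def resolved_c2_addresses(logs, iocs):
    """Pivot from the C2 hostname to the IPs it resolved to in DNS logs."""
    addrs = set()
    for rec in logs:
        if rec.get("_path") == "dns" and rec.get("query", "").lower() in iocs["hosts"]:
            addrs.update(rec.get("answers", []))
    return addrs


def is_internal(ip):
    # Explicit ranges rather than ipaddress.is_private, which also treats
    # documentation ranges such as 203.0.113.0/24 as private.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect(logs, config, relays=CORPORATE_RELAYS):
    """Return (source_host, rule, detail) triples for every record that matches."""
    iocs = build_iocs(config)
    c2_ips = resolved_c2_addresses(logs, iocs)
    alerts = []
    for rec in logs:
        src, path = rec.get("id.orig_h"), rec.get("_path")
        if path == "dns":
            if rec.get("query", "").lower() in iocs["hosts"]:
                alerts.append((src, "dns_lookup_of_c2_host", rec["query"]))
        elif path == "conn":
            dst, dport = rec.get("id.resp_h"), rec.get("id.resp_p")
            if dst in c2_ips:
                alerts.append((src, "connection_to_c2_address", f"{dst}:{dport}"))
            elif (dport in iocs["ports"] and is_internal(src)
                  and not is_internal(dst) and dst not in relays):
                # Generic rule: workstations should only reach port 587 on sanctioned relays.
                alerts.append((src, "outbound_submission_to_unknown_relay", f"{dst}:{dport}"))
        elif path == "smtp":
            sender = rec.get("mailfrom", "").lower()
            rcpts = {r.lower() for r in rec.get("rcptto", [])}
            if sender in iocs["accounts"] or rcpts & iocs["accounts"]:
                alerts.append((src, "smtp_session_with_exfil_mailbox", sender))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS, AGENTTESLA_SMTP_CONFIG):
        print(*alert)
```

The hostname, account and resolved-address rules are specific to this sample; the last rule (outbound port 587 to anything that is not a sanctioned relay) is the generic one that keeps catching AgentTesla and similar stealers after the mailbox changes.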
Targets

Target: 2020060308611765434567.exe
Size: 426KB
MD5: 73879715ca072971d061ab4a227a649c
SHA1: ceb47d58621b19e04ae737f12ad71f1b2ff5ebf5
SHA256: d9db86325cb63915a31775ab7b78f14802fa077e3aed9122f0fb03e9f39d05f2
SHA512: 1be81a26cb07a2904b3defc3b3feae63a57ea0e757671fc90147428803d8f286ff1d6e48ddb160bf11b6b569fcef7c8b376d7b5c7c04f77c1ada75c2847791b7
Score: 10/10
- AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer; its early versions were written in Visual Basic .NET.
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: rewriting a suspended thread's context is the usual way an injected payload is given control, as in process hollowing (RunPE), which AgentTesla loaders commonly use.
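As an added example (not part of the sandbox report) of why the FTP-client and credential-store reads above matter, this parses a FileZilla 3.x sitemanager.xml, the file under %APPDATA%\FileZilla\ that the "Reads data files stored by FTP clients" signature refers to, and recovers the saved credentials the same way a stealer does. The XML content, hosts, users and passwords are constructed for the example; the protocol-number mapping covers only the FTP and SFTP values.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed FileZilla 3.x sitemanager.xml. Hosts, users and passwords are made up.
SAMPLE_SITEMANAGER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.55.1" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>alice</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Logontype>1</Logontype>
      <Name>Example FTP</Name>
    </Server>
    <Server>
      <Host>legacy.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>carol</User>
      <Pass>letmein</Pass>
      <Logontype>1</Logontype>
      <Name>Written by an old FileZilla release</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>bob</User>
      <Logontype>2</Logontype>
      <Name>Ask for password, nothing stored</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

# FileZilla ServerProtocol values for FTP and SFTP; anything else is reported as "other".
PROTOCOL_NAMES = {"0": "ftp", "1": "sftp"}


def decode_pass(pass_el):
    """FileZilla 3 writes <Pass encoding="base64">; older releases wrote the plaintext.
    Neither is protection: base64 is reversible without any key."""
    if pass_el is None or not pass_el.text:
        return None
    if pass_el.get("encoding") == "base64":
        return base64.b64decode(pass_el.text).decode("utf-8")
    return pass_el.text


def extract_filezilla_sites(xml_text):
    """Return one dict per <Server> entry with the credential a stealer would obtain."""
    root = ET.fromstring(xml_text)
    sites = []
    for server in root.iter("Server"):
        sites.append({
            "name": server.findtext("Name"),
            "protocol": PROTOCOL_NAMES.get(server.findtext("Protocol"), "other"),
            "host": server.findtext("Host"),
            "port": int(server.findtext("Port") or 0),
            "user": server.findtext("User"),
            "password": decode_pass(server.find("Pass")),
        })
    return sites


def recoverable_credentials(sites):
    """Entries from which an infostealer gets a working username/password pair."""
    return [s for s in sites if s["password"] is not None]


if __name__ == "__main__":
    for site in recoverable_credentials(extract_filezilla_sites(SAMPLE_SITEMANAGER_XML)):
        print(f'{site["protocol"]}://{site["user"]}@{site["host"]}:{site["port"]}  {site["password"]}')
```

Run against a real profile, the same function tells an incident responder which accounts to rotate after an AgentTesla infection. The only entries it cannot recover are those with no stored password (the "ask" logon type) or, in FileZilla 3.26 and later, a profile protected by a master password.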