General
Target: 000102068976421xls.exe
Size: 501KB
Sample: 200630-wtd87vbnsx
MD5: aca5a35b863484a94a66cb52273dbb36
SHA1: ba44b9c77293e2a50efde7be10e67301ee674dd3
SHA256: ad6a160f9fad0fefa2f7ffdd0e8b5c43f62bf8983b14443b4c33115592297663
SHA512: 246029966efbdd70680f1f7339424922c69bd3afe80016d5fc958cd2608ae916366597e6c3b16e586c41ae33ba44fb5de9a5669dd6ffd81cde4cd1df1f2467e8
Static task: static1
Behavioral task: behavioral1
  Sample: 000102068976421xls.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: 000102068976421xls.exe
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: fleischermar@yandex.com
Password: $%$nWr+eH
Targets
Target: 000102068976421xls.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext