General
Target: 60217778xls.scr
Size: 513KB
Sample: 200630-wx7yzm49la
MD5: 2d8c1706c2ecb3d0abd19e7434cdbf10
SHA1: 4a360f0e3e437af3e951bcd77b99b8de1bdc9a34
SHA256: 369da6c535b8119d4b66593951b4b7939550e4454f9514869c408487a73634cd
SHA512: fb3d03ce9a42b38b92c388d4dd875b07c1e7f91eada9be70a510fccc8bacb7deeb48e2e16cec7498930ddd145a2dcd1834bd08a0e93a9c829f7b7d3b14a189ad
Static task: static1
Behavioral task: behavioral1
  Sample: 60217778xls.scr
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: 60217778xls.scr
  Resource: win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: pagejeffrey@yandex.com
Password: $44#@weC0*
Targets
Target: 60217778xls.scr
Size: 513KB
Score: 10/10
Family: AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) written in .NET (C#/VB.NET); it harvests saved credentials from browsers, email and FTP clients and exfiltrates them, in this sample over SMTP using the account in the extracted config above.
Signatures
AgentTesla Payload
Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml, which hold saved server credentials).
Reads user/profile data of local email clients: email clients store account data and saved passwords on disk, where infostealers routinely target them.
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Suspicious use of SetThreadContext: a process changing the thread context of another process (typically a suspended child it just created) is the usual way injected or hollowed code is handed control, so the SMTP exfiltration may originate from a host process rather than from 60217778xls.scr itself.
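To turn this report into something actionable, the following added example (not Triage output and not part of the original page) takes the exfiltration host, port and account from the extracted config and checks them against a few constructed lines of endpoint telemetry in a simplified "timestamp process event argument" format. It flags outbound connections to the exfil endpoint from anything other than a mail client, reads of the credential stores the signatures above refer to, and a process setting the thread context of a different process, which is the hollowing pattern behind the SetThreadContext signature. The log format, the process name injected_target.exe and the event names are assumptions made for the example.

```python
"""Triage AgentTesla IOCs from the report against constructed endpoint telemetry.

Added example; the log format, event names and process names are assumptions.
"""
import re
from dataclasses import dataclass

# Values taken from the report's "Malware Config" and "General" sections.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
EXFIL_ACCOUNT = "pagejeffrey@yandex.com"
SAMPLE_SHA256 = "369da6c535b8119d4b66593951b4b7939550e4454f9514869c408487a73634cd"

# Credential stores that the "Reads ... data" signatures fire on.
CREDENTIAL_STORE_PATTERNS = [
    (re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I), "FTP client (FileZilla)"),
    (re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I), "browser (Chromium Login Data)"),
    (re.compile(r"\\(Mozilla\\Firefox|Thunderbird)\\Profiles\\[^\\]+\\logins\.json$", re.I),
     "Mozilla logins.json"),
]

# Processes that legitimately speak SMTP; anything else reaching the exfil host is suspect.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Assumed telemetry line format: "<timestamp> <process> <event> <argument>".
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<proc>\S+) (?P<event>\S+) (?P<arg>.+)$")

# Constructed telemetry, not real sandbox output. injected_target.exe is a placeholder name.
CONSTRUCTED_LOG = """\
2020-06-30T10:01:02Z 60217778xls.scr FileRead C:\\Users\\victim\\AppData\\Roaming\\FileZilla\\sitemanager.xml
2020-06-30T10:01:03Z 60217778xls.scr FileRead C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
2020-06-30T10:01:04Z 60217778xls.scr SetThreadContext target=injected_target.exe
2020-06-30T10:01:05Z injected_target.exe NetConnect smtp.yandex.com:587
2020-06-30T10:02:00Z outlook.exe NetConnect smtp.yandex.com:587
2020-06-30T10:02:01Z explorer.exe FileRead C:\\Users\\victim\\Documents\\report.xlsx
"""


@dataclass
class Finding:
    kind: str
    process: str
    detail: str


def parse_line(line):
    """Split one telemetry line into its fields, or return None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Return the findings that match the report's IOCs and behavioral signatures."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if not ev:
            continue
        proc = ev["proc"].lower()
        if ev["event"] == "NetConnect" and ":" in ev["arg"]:
            host, _, port = ev["arg"].rpartition(":")
            # Exfil endpoint from the extracted config, contacted by a non-mail process.
            if host == EXFIL_HOST and int(port) == EXFIL_PORT and proc not in MAIL_CLIENTS:
                findings.append(Finding("exfil_smtp", proc, f"{host}:{port} as {EXFIL_ACCOUNT}"))
        elif ev["event"] == "FileRead":
            for pattern, label in CREDENTIAL_STORE_PATTERNS:
                if pattern.search(ev["arg"]):
                    findings.append(Finding("credential_store_read", proc, label))
        elif ev["event"] == "SetThreadContext":
            # Setting another process's thread context is the hollowing/injection tell.
            target = ev["arg"].partition("=")[2].lower()
            if target and target != proc:
                findings.append(Finding("remote_thread_context", proc, f"target={target}"))
    return findings


if __name__ == "__main__":
    for f in triage(CONSTRUCTED_LOG.splitlines()):
        print(f"{f.kind:24} {f.process:20} {f.detail}")
```

Run against the constructed log, the script produces four findings: the two credential-store reads, the cross-process SetThreadContext, and the SMTP connection from the injected host process; the legitimate outlook.exe connection to the same server is deliberately not flagged, which is the caveat to carry into real detection logic: the Yandex SMTP endpoint alone is not a reliable indicator, the sending process is.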