General
Target: Doc#243567298.exe
Size: 574KB
Sample: 200630-zf4er1p8va
MD5: 2181ddc7631f71f3d6809ba15f89bf49
SHA1: cd660cf95580790d1021d69d3e11423586938c32
SHA256: bce54c823dd88b4bcb06eac2581ba7c290476786d6c76daf0f765066742e0c6f
SHA512: 382213d0b5d584c5db7a941c0b4b9cc1e6e9fffc017d6c8feaff33f6e3d0114d490c33cbca3d5a6193a2b70ee30c5a7c7f5e6e7556cb89cf69fb2c18338b0cfd
Static task: static1
Behavioral task: behavioral1 (sample Doc#243567298.exe, resource win7)
Behavioral task: behavioral2 (sample Doc#243567298.exe, resource win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: dogdollars@jakartta.xyz
Password: winnerq123
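The configuration above is the account the sample uses to mail stolen data out. Because mail.privateemail.com is a shared commercial mail host with many legitimate customers, the host and port are weak indicators by themselves; the account dogdollars@jakartta.xyz is the specific one. The Python below, added here as an example and not part of the sandbox report, shows how to recover the authenticating account from a captured SMTP session (both AUTH LOGIN and AUTH PLAIN carry the credentials as plain base64) and match it against the extracted config. The transcripts, the "C:"/"S:" line format and the alice@example.test account are constructed for the example. On port 587 a client normally negotiates STARTTLS before AUTH, so this applies to traffic captured before encryption, to TLS-inspected traffic, or to server-side logs.

```python
import base64
from typing import Dict, List, Optional, Tuple

# Exfiltration settings exactly as the sandbox extracted them from this sample.
AGENTTESLA_CONFIG: Dict[str, object] = {
    "protocol": "smtp",
    "host": "mail.privateemail.com",
    "port": 587,
    "username": "dogdollars@jakartta.xyz",
    "password": "winnerq123",
}


def decode_auth_login(user_b64: str, pass_b64: str) -> Tuple[str, str]:
    """AUTH LOGIN sends username and password as two separate base64 lines."""
    return (base64.b64decode(user_b64).decode("utf-8", "replace"),
            base64.b64decode(pass_b64).decode("utf-8", "replace"))


def decode_auth_plain(blob_b64: str) -> Tuple[str, str]:
    """AUTH PLAIN sends base64("authzid\\0authcid\\0password") as one token (RFC 4616)."""
    parts = base64.b64decode(blob_b64).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed AUTH PLAIN token")
    return parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")


def recover_smtp_credentials(session: List[str]) -> Optional[Tuple[str, str]]:
    """Walk a transcript of "C: ..." / "S: ..." lines and return the (username,
    password) the client authenticated with, or None if it never authenticated."""
    client = [line[3:].strip() for line in session if line.startswith("C: ")]
    for i, line in enumerate(client):
        upper = line.upper()
        parts = line.split(None, 2)
        if upper.startswith("AUTH PLAIN"):
            # The initial response may sit on the AUTH line or on the next client line.
            token = parts[2] if len(parts) == 3 else client[i + 1]
            return decode_auth_plain(token)
        if upper.startswith("AUTH LOGIN"):
            # Optional initial username on the AUTH line, otherwise the next two lines.
            if len(parts) == 3:
                return decode_auth_login(parts[2], client[i + 1])
            return decode_auth_login(client[i + 1], client[i + 2])
    return None


def matches_extracted_config(session: List[str], config: Dict[str, object]) -> bool:
    """True when the session authenticates as the exfil account from the config.
    Attribution rests on the account, not the host: the host is shared infrastructure."""
    creds = recover_smtp_credentials(session)
    return creds is not None and creds[0].lower() == str(config["username"]).lower()


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed transcripts (not from the report). In practice these lines come from
# a pcap of port 587 before STARTTLS, a TLS-inspecting proxy, or the mail server's log.
SESSION_LOGIN = [
    "S: 220 mail.privateemail.com ESMTP",
    "C: EHLO DESKTOP-VICTIM",
    "S: 250-AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",                     # base64("Username:")
    "C: " + _b64("dogdollars@jakartta.xyz"),
    "S: 334 UGFzc3dvcmQ6",                     # base64("Password:")
    "C: " + _b64("winnerq123"),
    "S: 235 2.7.0 Authentication successful",
]

SESSION_PLAIN_BENIGN = [
    "S: 220 mail.privateemail.com ESMTP",
    "C: EHLO LAPTOP-ACCOUNTING",
    "C: AUTH PLAIN " + _b64("\x00alice@example.test\x00correct horse"),
    "S: 235 2.7.0 Authentication successful",
]

if __name__ == "__main__":
    print(recover_smtp_credentials(SESSION_LOGIN))
    print(matches_extracted_config(SESSION_LOGIN, AGENTTESLA_CONFIG))
    print(matches_extracted_config(SESSION_PLAIN_BENIGN, AGENTTESLA_CONFIG))
```

A block on mail.privateemail.com:587 would cut off legitimate users of the same provider; a rule keyed on the recovered account (or on a non-mail-client process opening port 587) is the narrower control.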
Targets
Target: Doc#243567298.exe (574KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based infostealer and remote access tool (RAT); it harvests credentials from browsers, mail clients and FTP clients and exfiltrates them, in this sample over SMTP.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla. FileZilla's sitemanager.xml and recentservers.xml hold saved server passwords base64-encoded rather than encrypted unless a master password has been set, so anyone who can read the files can recover them.
- Reads user/profile data of local email clients
  Email clients keep account settings and saved credentials on disk or in the registry, and infostealers routinely harvest them.
- Reads user/profile data of web browsers
  Browsers store saved logins, cookies and autofill data in their profile directories; infostealers target these to recover credentials and session tokens.
- Suspicious use of SetThreadContext
  Changing another thread's context is the step in process hollowing (RunPE) that redirects a process started in a suspended state to injected code; legitimate software rarely does this to a process other than itself. The report does not name the process that was targeted.
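SetThreadContext on its own is ambiguous (debuggers and some runtimes call it), so a detection keys on the sequence around it rather than the single API. The Python below, added as an example and not code from the report or from any sandbox, scores a per-process API trace for the hollowing sequence CreateProcess(CREATE_SUSPENDED), NtUnmapViewOfSection, VirtualAllocEx, WriteProcessMemory, SetThreadContext, ResumeThread, and ignores context changes a process makes to its own threads. The trace format ("pid|api|key=value,...") and the trace lines are constructed for the example; the image paths are placeholders, since the report does not name the hollowed process.

```python
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess

# Constructed API trace (not from the report). Format assumed for this example:
# "<caller pid>|<api>|key=value,...". Image paths are placeholders.
SAMPLE_TRACE = [
    "4120|CreateProcessW|image=C:\\Windows\\System32\\host.exe,flags=0x4,child_pid=4404,child_tid=4408",
    "4120|NtUnmapViewOfSection|target_pid=4404",
    "4120|VirtualAllocEx|target_pid=4404,size=0x8c000,protect=0x40",
    "4120|WriteProcessMemory|target_pid=4404,size=0x8c000",
    "4120|SetThreadContext|target_tid=4408",
    "4120|ResumeThread|target_tid=4408",
    # Benign: a process adjusting the context of one of its own threads.
    "5000|GetThreadContext|target_tid=5004",
    "5000|SetThreadContext|target_tid=5004",
    # Benign: suspended start with no remote write (e.g. a launcher assigning a job object).
    "6000|CreateProcessW|image=C:\\Windows\\System32\\notepad.exe,flags=0x4,child_pid=6100,child_tid=6104",
    "6000|ResumeThread|target_tid=6104",
]

STAGE_OF_API = {
    "NtUnmapViewOfSection": "unmap",
    "VirtualAllocEx": "alloc",
    "WriteProcessMemory": "write",
    "SetThreadContext": "setctx",
    "ResumeThread": "resume",
}


def parse_line(line: str) -> Dict[str, str]:
    """Split one trace line into a dict holding 'pid', 'api' and its key=value arguments."""
    pid, api, args = line.split("|", 2)
    rec = {"pid": pid, "api": api}
    for kv in filter(None, args.split(",")):
        key, value = kv.split("=", 1)
        rec[key] = value
    return rec


def find_hollowing(trace: List[str]) -> List[Dict[str, object]]:
    """Return one finding per child that its creator started suspended, wrote into,
    and then redirected with SetThreadContext (the RunPE / process-hollowing pattern)."""
    tracked: Dict[str, Dict[str, object]] = {}   # child pid -> state
    tid_to_child: Dict[str, str] = {}            # child primary thread id -> child pid
    for rec in map(parse_line, trace):
        api = rec["api"]
        if api in ("CreateProcessW", "CreateProcessA") and int(rec.get("flags", "0"), 16) & CREATE_SUSPENDED:
            tracked[rec["child_pid"]] = {
                "source": rec["pid"], "child": rec["child_pid"],
                "image": rec.get("image", "?"), "stages": ["suspended"],
            }
            tid_to_child[rec["child_tid"]] = rec["child_pid"]
            continue
        # Resolve the call's target to a tracked child, by pid or by its primary thread id.
        target = rec.get("target_pid") or tid_to_child.get(rec.get("target_tid", ""))
        state = tracked.get(target)
        if state is None or state["source"] != rec["pid"]:
            continue  # not aimed at a suspended child of this caller (covers self-targeted calls)
        stage = STAGE_OF_API.get(api)
        stages = state["stages"]
        if stage and stage not in stages:
            stages.append(stage)

    findings = []
    for state in tracked.values():
        stages = state["stages"]
        if "write" in stages and "setctx" in stages and stages.index("write") < stages.index("setctx"):
            # Unmapping the original image and resuming the thread complete the classic pattern.
            full = "unmap" in stages and "resume" in stages
            findings.append({**state, "stages": list(stages), "confidence": "high" if full else "medium"})
    return findings


if __name__ == "__main__":
    for f in find_hollowing(SAMPLE_TRACE):
        print(f"{f['confidence']}: pid {f['source']} hollowed pid {f['child']} "
              f"({f['image']}) via {' -> '.join(f['stages'])}")
```

The order check (a remote write before the context change) is what separates hollowing from a benign suspended start, and requiring the caller to be the creator of the child keeps a process's changes to its own threads out of the findings.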