General
Target: RFQ 107801022.exe
Size: 412KB
Sample: 200712-z5be2fwylx
MD5: afc225f7967645ccb4e431442204e5a0
SHA1: 35e99a6330b39eb8fe349904438483a5773a33bd
SHA256: ce5a82d9e4d14e5511170ff4bb06aeaa49a937c39a6770a8e9b38d589b8339f6
SHA512: 49d52d9cee65685b736b89ce934c1e59fe94cf7ae2d870265b28d12c74f4c5eee9c4d5d278a45757e86811ad0bb9808456825d6575bdd16d7c980ac2014472f3
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ 107801022.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: RFQ 107801022.exe, Resource: win10v200430)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: greendogdog@yandex.com
Password: dooby511
Targets
Target: RFQ 107801022.exe
Size: 412KB
MD5, SHA1, SHA256, SHA512: as listed under General
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext