General
Target: 20OA06052_085812310720.exe
Size: 716KB
Sample: 200731-dg9jek6zdj
MD5: a5a88021e46df03d29bec0dbb015d057
SHA1: b28ca8a8b0ad0712ddc0e146c44f6f89f0fa652c
SHA256: 24154b374505bf76998acbeb5dafbf42a61a516234f2f1b708784ec3669bfbd1
SHA512: c0286b2d708bc97e0d2c5fdc0846729ada95f9ac1f6210c149e8db8fcbc44455206be2f2eb0bca57c1935f7dfa7cbc0bc4bf09e9dc797be11b3e5263c971b986
Static task: static1
Behavioral task: behavioral1
Sample: 20OA06052_085812310720.exe
Resource: win7
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.solivera.com
Port: 587
Username: info@solivera.com
Password: .7S+{Gv&\{
Targets
Target: 20OA06052_085812310720.exe
Size: 716KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext