General
-
Target
PO 31072020.exe
-
Size
507KB
-
Sample
200731-dzzkhpa2zj
-
MD5
3947aeb57f40c78747241975a6f08fc0
-
SHA1
6baa5eb10e7da8d731a1c111bd6132a5a564edcb
-
SHA256
9c301c48f5db16bfee94ef08013387f2e2a26e29b5533add910f0994a49d37a3
-
SHA512
b5870dc49e03fb207b4d8bd989a19bad946ac4de9383498c0b70ac7f42b84aaba465ff5212b615a5543b5443cc497f4b6bd0246c1b08e0befaff9b332d397a02
Static task
static1
Behavioral task
behavioral1
Sample
PO 31072020.exe
Resource
win7
Behavioral task
behavioral2
Sample
PO 31072020.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.elyosr.org - Port:
587 - Username:
HR@elyosr.org - Password:
abcd1234
Targets
-
-
Target
PO 31072020.exe
-
Size
507KB
-
MD5
3947aeb57f40c78747241975a6f08fc0
-
SHA1
6baa5eb10e7da8d731a1c111bd6132a5a564edcb
-
SHA256
9c301c48f5db16bfee94ef08013387f2e2a26e29b5533add910f0994a49d37a3
-
SHA512
b5870dc49e03fb207b4d8bd989a19bad946ac4de9383498c0b70ac7f42b84aaba465ff5212b615a5543b5443cc497f4b6bd0246c1b08e0befaff9b332d397a02
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-