General
Target: Scanned doc.exe
Size: 482KB
Sample: 200731-nha6n263cx
MD5: 70cf26be4ca82d7a3e0c7092d02d0520
SHA1: 33701ba7b7ecec46decec6095dd47eb455f540d6
SHA256: a7af597188e3940ae7010e605d11e10b33f48632d2fec2c061c0c46d75c531b1
SHA512: 50241a5e3863c3c249f00cbfebeabe705509f7cd4a4d2521334959ed0f50694dd8ce105dd3274e038ceb72fc2e22a49f3209f8f163ca2c95c0d10ed96e45376f
Static task: static1
Behavioral task: behavioral1
  Sample: Scanned doc.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Scanned doc.exe
  Resource: win10v200722
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: goksal.sir@prosoftelektrik.com
Password: Wm^kN*!7
Targets
Target: Scanned doc.exe (482KB; MD5, SHA1, SHA256 and SHA512 identical to those listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext