General
-
Target
BL draft FORM_xls.exe
-
Size
762KB
-
Sample
200731-rqfye2rg6n
-
MD5
99996216855c81d9cc40d112468cfc26
-
SHA1
76e36c04c6fc6fd81a35b777df3f7c24feae524a
-
SHA256
7b8df140852947533df21149c9bcb88be9cf040440dfb8f5eb7140171d67ce52
-
SHA512
82aec45d3f0545e5639a075991fcc303258c64baf9653b7d45554fc9ba88de8cb6f9b9b15cfc9c2308ec798457494429ec2fbf8cb17565b36940ecaa5bd28789
Static task
static1
Behavioral task
behavioral1
Sample
BL draft FORM_xls.exe
Resource
win7
Behavioral task
behavioral2
Sample
BL draft FORM_xls.exe
Resource
win10
Malware Config
Extracted
Protocol: smtp- Host:
smtp.moorefundz.com - Port:
587 - Username:
evra@moorefundz.com - Password:
g7g2Ig?Aeh_+
Targets
-
-
Target
BL draft FORM_xls.exe
-
Size
762KB
-
MD5
99996216855c81d9cc40d112468cfc26
-
SHA1
76e36c04c6fc6fd81a35b777df3f7c24feae524a
-
SHA256
7b8df140852947533df21149c9bcb88be9cf040440dfb8f5eb7140171d67ce52
-
SHA512
82aec45d3f0545e5639a075991fcc303258c64baf9653b7d45554fc9ba88de8cb6f9b9b15cfc9c2308ec798457494429ec2fbf8cb17565b36940ecaa5bd28789
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-