General
Target: Scanned doc.exe
Size: 479KB
Sample: 200731-z564rzg9k2
MD5: d3a47dde867f6f4b101b3d723b3c12a5
SHA1: 8f39c08d0b14a6be21dcbbbda541012a8c0c9082
SHA256: 891aad4c074da1158dbb19b406248a8c70b22f589f57225a8e12261c4298c925
SHA512: d1ce8768bec5d98ee7bd9c20fa85f2a5ae1639748eaa9fe9f21b9f0382e92826a8273aa3e463b3e6e45c4eddfa63baad4adca7af6f5dbc8d390abdc62611a121
Static task: static1
Behavioral task: behavioral1 (Sample: Scanned doc.exe, Resource: win7v200722)
Behavioral task: behavioral2 (Sample: Scanned doc.exe, Resource: win10v200722)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: goksal.sir@prosoftelektrik.com
Password: Wm^kN*!7
Targets
Target: Scanned doc.exe
Size: 479KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext