General
Target: AWB 1382297265.exe
Size: 706KB
Sample: 200731-zkkafxr14x
MD5: 968ce7d180f5bf4b5348ea2c4fd25903
SHA1: 09ae804989bcc707126cce9ffa03a7c5050d8abd
SHA256: 94e264f2655f2898b4e1b4fb2902702e0bb54ab1dcd2e280266e3b6d81611172
SHA512: 887f7c77d9164c529fff9dbb1c5ffb22ef58527004567b5e067305d7204f0cfdd875f52b000773532d6fa79cbf4040906c0f908e34ac1a57b73429115ec701a9
Static task: static1
Behavioral task: behavioral1 (Sample: AWB 1382297265.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: AWB 1382297265.exe, Resource: win10v200722)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: markusha.eric@yandex.com
Password: udehanyim@11
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext