General
-
Target
SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.8071
-
Size
714KB
-
Sample
200801-z7cps5hnbn
-
MD5
d0bed35c9c0c8978d426739cda487034
-
SHA1
4a34825946a8c3ce267ecb6cf27d8d9b212344a6
-
SHA256
99876ee50802848768d32d6cd179141603d76259e33c223b47204e33ef4b416d
-
SHA512
eb71bf4da14faac29eca341fe9232142a3219f4b069f23f37942272dda8f85a55dec78cefeae70ceae36009d5db168f85c844ffc50f7e1b539a412cad427f684
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.8071.exe
Resource
win7v200722
Malware Config
Extracted
Protocol: smtp
Host: mail.serrador.com
Port: 587
Username: jordi@serrador.com
Password: jordiserrador
(SMTP submission port with a hard-coded mailbox login: the channel the stealer uses to deliver harvested data.)
Targets
-
Target
SecuriteInfo.com.Trojan.PWS.GrandStealNET.2.14775.8071 (size and hashes as listed under General)
-
AgentTesla
Agent Tesla is a .NET-based information stealer with remote access tool (RAT) features. It harvests saved credentials from browsers, mail clients and FTP clients and exfiltrates them, in this sample through the SMTP account in the extracted config.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which hold saved server logins.
-
Reads user/profile data of local email clients
Email clients store profile data, including saved account credentials, on disk, where infostealers commonly target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved logins, cookies and autofill data.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is a hallmark of process hollowing (RunPE): a process is created suspended, its memory is overwritten with the payload, the main thread's context is pointed at the injected code, and the thread is resumed.
-
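The behavioural signatures above are what a sandbox derives from an API trace. The following is an added example, not part of this report or of any sandbox's own rule set, showing how such signatures can be reproduced over a trace: file reads are matched against the well-known credential-store paths of FileZilla, WinSCP, Thunderbird, Outlook, Chrome and Firefox, and process hollowing is flagged when one target process sees the RunPE order (create suspended, WriteProcessMemory, SetThreadContext, ResumeThread). The trace events, PIDs and image paths are constructed for the example; the event shape is an assumption, not the format of any real sandbox.

```python
import re

# Well-known on-disk credential stores grouped under the signature names used in the report.
# Patterns are case-insensitive regexes over a Windows path with variables already expanded.
CREDENTIAL_STORES = {
    "Reads data files stored by FTP clients": [
        r"\\filezilla\\(recentservers|sitemanager)\.xml$",   # %APPDATA%\FileZilla
        r"\\winscp\.ini$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
        r"\\microsoft\\outlook\\.*\.(pst|ost)$",                # mailbox files
    ],
    "Reads user/profile data of web browsers": [
        r"\\google\\chrome\\user data\\[^\\]+\\login data$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
}
_COMPILED = {sig: [re.compile(p, re.IGNORECASE) for p in pats]
             for sig, pats in CREDENTIAL_STORES.items()}

CREATE_SUSPENDED = 0x00000004          # dwCreationFlags bit for CreateProcess
HOLLOWING_SEQUENCE = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
FILE_OPEN_APIS = {"CreateFileW", "NtCreateFile", "NtOpenFile"}


def classify_file_access(path):
    """Return the signature name a file open matches, or None for an uninteresting path."""
    for sig, regexes in _COMPILED.items():
        if any(r.search(path) for r in regexes):
            return sig
    return None


def detect_hollowing(events):
    """Return target PIDs that saw the full RunPE order, tracked per created process.

    Only processes created with CREATE_SUSPENDED start a sequence; later calls on a
    tracked PID must arrive in HOLLOWING_SEQUENCE order (repeats of the current step,
    e.g. several WriteProcessMemory calls, are harmless and simply ignored).
    """
    progress = {}   # target pid -> index of the next expected API in HOLLOWING_SEQUENCE
    hits = []
    for ev in events:
        api = ev.get("api")
        if api == "CreateProcessW":
            if ev.get("flags", 0) & CREATE_SUSPENDED:
                progress[ev["target_pid"]] = 1
            continue
        pid = ev.get("target_pid")
        if pid not in progress:
            continue
        if api == HOLLOWING_SEQUENCE[progress[pid]]:
            progress[pid] += 1
            if progress[pid] == len(HOLLOWING_SEQUENCE):
                hits.append(pid)
                del progress[pid]
    return hits


def analyze(events):
    """Map each triggered signature name to the evidence (paths or PIDs) behind it."""
    findings = {}
    for ev in events:
        if ev.get("api") in FILE_OPEN_APIS:
            sig = classify_file_access(ev["path"])
            if sig:
                findings.setdefault(sig, []).append(ev["path"])
    for pid in detect_hollowing(events):
        findings.setdefault("Suspicious use of SetThreadContext", []).append(f"pid {pid}")
    return findings


# Constructed API trace for this example (not data from the sample above).
SAMPLE_TRACE = [
    {"api": "CreateFileW", "path": r"C:\Users\Admin\AppData\Roaming\FileZilla\recentservers.xml"},
    {"api": "CreateFileW", "path": r"C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"api": "CreateFileW", "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"api": "CreateFileW", "path": r"C:\Windows\System32\kernel32.dll"},          # benign read
    {"api": "CreateProcessW", "image": r"C:\Example\host.exe", "flags": 0x4, "target_pid": 4120},
    {"api": "WriteProcessMemory", "target_pid": 4120},
    {"api": "WriteProcessMemory", "target_pid": 4120},
    {"api": "SetThreadContext", "target_pid": 4120},
    {"api": "ResumeThread", "target_pid": 4120},
    {"api": "CreateProcessW", "image": r"C:\Example\child.exe", "flags": 0x0, "target_pid": 4200},
    {"api": "ResumeThread", "target_pid": 4200},                                   # not suspended: ignored
]

if __name__ == "__main__":
    for sig, evidence in analyze(SAMPLE_TRACE).items():
        print(f"{sig}: {evidence}")
```

The hollowing check is deliberately order-sensitive: a SetThreadContext that arrives before any WriteProcessMemory, or on a process that was not created suspended, does not complete the sequence, which keeps debugger-style uses of the API out of the signature.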