General
- Target: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.589
- Size: 31KB
- Sample: 210122-1pp4jj4x9j
- MD5: 45a72653fb1d34a564f611c1f3594c02
- SHA1: 0c3699cf3a892cd4a9057b24a0b5e5083b55923f
- SHA256: 734bd3a51497f8faf4a48e596768e68cbede73e21c5dfcc1c8b8da9b02a4c4c2
- SHA512: d15357a51b33f72dfb700d9009f6a71699ef8c19841c1f5fb9b200330569941a35cea90644dae72e4768d3eef8799e8d3ea7e96d87909881ce33b4e5e16fde78
Static task: static1

Behavioral task: behavioral1
- Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.589.exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.589.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: frostdell.uk
- Port: 587
- Username: alexlogs@frostdell.uk
- Password: 7213575aceACE@#$
Targets
- Target: SecuriteInfo.com.BehavesLike.Win32.Generic.nm.589
- Size: 31KB
- MD5: 45a72653fb1d34a564f611c1f3594c02
- SHA1: 0c3699cf3a892cd4a9057b24a0b5e5083b55923f
- SHA256: 734bd3a51497f8faf4a48e596768e68cbede73e21c5dfcc1c8b8da9b02a4c4c2
- SHA512: d15357a51b33f72dfb700d9009f6a71699ef8c19841c1f5fb9b200330569941a35cea90644dae72e4768d3eef8799e8d3ea7e96d87909881ce33b4e5e16fde78
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext