General
Target: 18000.00.exe
Size: 1010KB
Sample: 210122-2kbydj5aax
MD5: ed2b6aa207a4ff0634d149aab2bf7d83
SHA1: df51f95a4113b90a0cd5f949e880de892c1f1402
SHA256: 785b29fe86f009b0509eb626c3914b01c321f3e0d369177acc71de2f0256cad5
SHA512: 807bd80e4deebf9bd56e7916f608411a2d1420ad368fd162a47f0be342fb9586308188d7a687734ab9ffc8268035349724e3de36b366b1247de20cbfcc5e7420
Static task: static1
Behavioral task: behavioral1 (Sample: 18000.00.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: 18000.00.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lockitsolutions.co.ke
Port: 587
Username: sima@lockitsolutions.co.ke
Password: to-MTQtLj}xm
Targets
Target: 18000.00.exe
Size: 1010KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext