General

Target: SecuriteInfo.com.GenericRXNJ-EED6E27CA5FDA8.16229
Size: 66KB
Sample: 210122-441sg6grza
MD5: d6e27ca5fda89dad7196cf7221682383
SHA1: 98f18f3e3dce449b095c9d12bd7086875d75a6a3
SHA256: 8d299c63fc884940002e9858925dc405621d1d57637d956944d224bb0e97371f
SHA512: 899c0d9d32bfab89f6385194d6932adf68d41d50a51fef0ad45625aa4890fd16f7039a095d83c2f3dc94abec92be863f01150c4ee8d1af398872461c14c8b5bc
Static task: static1

Behavioral task: behavioral1
    Sample: SecuriteInfo.com.GenericRXNJ-EED6E27CA5FDA8.16229.exe
    Resource: win7v20201028

Behavioral task: behavioral2
    Sample: SecuriteInfo.com.GenericRXNJ-EED6E27CA5FDA8.16229.exe
    Resource: win10v20201028
Malware Config

Extracted: agenttesla
    Protocol: smtp
    Host: frostdell.uk
    Port: 587
    Username: pinterlog@frostdell.uk
    Password: 7213575aceACE@#$
Targets

Target: SecuriteInfo.com.GenericRXNJ-EED6E27CA5FDA8.16229
Size: 66KB
MD5: d6e27ca5fda89dad7196cf7221682383
SHA1: 98f18f3e3dce449b095c9d12bd7086875d75a6a3
SHA256: 8d299c63fc884940002e9858925dc405621d1d57637d956944d224bb0e97371f
SHA512: 899c0d9d32bfab89f6385194d6932adf68d41d50a51fef0ad45625aa4890fd16f7039a095d83c2f3dc94abec92be863f01150c4ee8d1af398872461c14c8b5bc
Score: 10/10

Signatures

- AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
    Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
    Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext