General
Target: FedEx TRACKING DETAILS-pdf.exe
Size: 1.5MB
Sample: 200528-bxzgq78yae
MD5: 691ba435d9fcfd46db14ad44db6b62f7
SHA1: 00399fce73d68d2645fa8328cf1911e4291a7e6f
SHA256: 34b456c41cd342c8ac0cec6146b9c700289511061a7b4f21838f660368b2793b
SHA512: 91942ae081afe5099a0dbee801f712f3a8c73661ee6f116c1c63a0ead684701a516a8a619cc28bc5526c05a9cf3bfc28d7e25e51482ad7eee4d3b54945352242
Static task: static1
Behavioral task: behavioral1
  Sample: FedEx TRACKING DETAILS-pdf.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: FedEx TRACKING DETAILS-pdf.exe
  Resource: win10v200430
Malware Config
Extracted
Protocol: ftp
Host: ftp.kassohome.com.tr
Port: 21
Username: bringlogs@kassohome.com.tr
Password: J%jCb2L=!5~E
Targets
Target: FedEx TRACKING DETAILS-pdf.exe
Size: 1.5MB
MD5: 691ba435d9fcfd46db14ad44db6b62f7
SHA1: 00399fce73d68d2645fa8328cf1911e4291a7e6f
SHA256: 34b456c41cd342c8ac0cec6146b9c700289511061a7b4f21838f660368b2793b
SHA512: 91942ae081afe5099a0dbee801f712f3a8c73661ee6f116c1c63a0ead684701a516a8a619cc28bc5526c05a9cf3bfc28d7e25e51482ad7eee4d3b54945352242
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients: Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar information.
Modifies service
Suspicious use of SetThreadContext