General
Target: Order List_pdf.exe
Size: 438KB
Sample: 200630-l3l4w8kw9a
MD5: d402cd3dabdfbae88e6a5cb67acb00ef
SHA1: 206ef592df35ca9d4c0d4f2d5ec9bc1c317d9cfe
SHA256: 08c1f9f0755e45b664ec5cd4e5e44b895e204cd89c91fc59e5a218af5abc5779
SHA512: 8e2a938fdc21259ddfa5ccfc03c3529537c6c14e4f6dd15cade2eb303f7e753276b26dddbad57382b2a653158eaf1e0cba03e1bbb9e4c9c4b86a2973fd40cabc
Static task: static1
Behavioral task: behavioral1
  Sample: Order List_pdf.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Order List_pdf.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.sknei.com
Port: 587
Username: ye03@sknei.com
Password: Ugwuanyi2015
Targets
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext