General
-
Target
Paid Invoice.exe
-
Size
940KB
-
Sample
200709-fwcd7k2z2a
-
MD5
bde63b59d82e03cea80de443c6738c6f
-
SHA1
34e77df4e37a23a8c45f9b9a62a938d756add173
-
SHA256
b3bf1c568dfbb2a1af09b07eb0a7aff6e2d7addbf3c51e4c6850ebc96afd103e
-
SHA512
f1e68b492747884786996bec97214fb4a126444dc4928803cecfa7f0a716fa29c822f76eeff41d7b7ca164cde4b24a70e45aecdf8c8b9ff1d1cabd3800b6850d
Static task
static1
Behavioral task
behavioral1
Sample
Paid Invoice.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
Paid Invoice.exe
Resource
win10
Malware Config
Extracted
Protocol: smtp- Host:
smtp.yandex.ru - Port:
587 - Username:
[email protected] - Password:
Blessing123
Targets
-
-
Target
Paid Invoice.exe
-
Size
940KB
-
MD5
bde63b59d82e03cea80de443c6738c6f
-
SHA1
34e77df4e37a23a8c45f9b9a62a938d756add173
-
SHA256
b3bf1c568dfbb2a1af09b07eb0a7aff6e2d7addbf3c51e4c6850ebc96afd103e
-
SHA512
f1e68b492747884786996bec97214fb4a126444dc4928803cecfa7f0a716fa29c822f76eeff41d7b7ca164cde4b24a70e45aecdf8c8b9ff1d1cabd3800b6850d
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-