General
- Target: MV AGRIA CALLING CHANGSHU AGENCY APPOINTMENT.exe
- Size: 497KB
- Sample: 200713-9nlhe85zh2
- MD5: b2dab9f7ed4982d19dfb42ebe45715d7
- SHA1: 7ac2ecff44f0c9de031ed6f4cb1c85cea896baec
- SHA256: a58fc8e96f20e803cf01cffd2ca566ef4ec82ceca97f116aee211008f3f6a6e1
- SHA512: 2a442cbb680d4f40ecff613ae391821e3eda4add75baebeb661e621295ba874d8272fc82a3af81eeff2d3af1eb01bc76f6e4bcf52d753fdc9712e49acaf0e188
Static task
- static1

Behavioral task
- behavioral1
  - Sample: MV AGRIA CALLING CHANGSHU AGENCY APPOINTMENT.exe
  - Resource: win7v200430

Behavioral task
- behavioral2
  - Sample: MV AGRIA CALLING CHANGSHU AGENCY APPOINTMENT.exe
  - Resource: win10
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: [email protected]
- Password: iwuoha241@
Targets
- Target: MV AGRIA CALLING CHANGSHU AGENCY APPOINTMENT.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext