General
Target: docx_New Order.docx.exe
Size: 346KB
Sample: 200713-k2gnq3aqyx
MD5: d19bb675f1556e2617e336c79369d991
SHA1: 87384fd048f16cc766e1a8944cfaaf37883f4989
SHA256: d68fd5dc4b913479f183b0577cb42d4e9c7a38458d5301336e3a0ac4639ea29e
SHA512: ff9091488693a8925df96cfa4049e269f69443e4214520faf1da6f00deecf25771b12547626abb94d678322db6a4ab9a702e8b267d5c0277354952649cb356e4
Static task: static1
Behavioral task: behavioral1 (sample: docx_New Order.docx.exe, resource: win7)
Behavioral task: behavioral2 (sample: docx_New Order.docx.exe, resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.orientalkuwait.com
Port: 587
Username: [email protected]
Password: Operatingmanager1&
Targets
Target: docx_New Order.docx.exe (Size: 346KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext