General
Target: Order10049274pdf.exe
Size: 328KB
Sample: 200713-v8g2meacjs
MD5: c71732b7a6d89bac55bf2f525c6a3a2f
SHA1: 8d5b4f6a236b84075f987a01e470350837c35d1c
SHA256: 85d34a30b3163b6db32ec267c22e5fd5cbfab30533aa4a829f9d79ca55e779d2
SHA512: eb89ebbc51bcceac01edfe399916385abfa7db20bfcd23f6bad0b915a1e3822df3f70b97661b6f92bd1b6eb7f4d4112422ad71a5026c14e2eba80a81a94e6686
Static task: static1
Behavioral task: behavioral1 (Sample: Order10049274pdf.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: Order10049274pdf.exe, Resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.saritatravels.com
Port: 587
Username: [email protected]
Password: sameerb%$321
Targets
Target: Order10049274pdf.exe (328KB; hashes identical to those listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext