General
-
Target
DHL INV+AWB100617740009725.PDF____.exe
-
Size
727KB
-
Sample
200716-5cew2kkybs
-
MD5
279189f9746b79c1112ebf9cbb2daef8
-
SHA1
0723886286f7050f9a330defff50c3216e40fe1b
-
SHA256
1868421d82c1476c4106fee2902fde4c749d7e8bcd9b34fdc09d86733d9198de
-
SHA512
03a748075224e73c93bf1681800070aae3e903a379339777b6a8cf73b95d3399d185d8506ca5f07f082a3a0affd7d63c0230f8f9826a40b9a36be6f8fb45b328
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
opjis0123
Targets
-
-
Target
DHL INV+AWB100617740009725.PDF____.exe
-
Size
727KB
-
MD5
279189f9746b79c1112ebf9cbb2daef8
-
SHA1
0723886286f7050f9a330defff50c3216e40fe1b
-
SHA256
1868421d82c1476c4106fee2902fde4c749d7e8bcd9b34fdc09d86733d9198de
-
SHA512
03a748075224e73c93bf1681800070aae3e903a379339777b6a8cf73b95d3399d185d8506ca5f07f082a3a0affd7d63c0230f8f9826a40b9a36be6f8fb45b328
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-