General
- Target: USD44,680.85 Payment against invoice 16.07.2020.PDF.exe
- Size: 723KB
- Sample: 200716-tcjv6ll2s6
- MD5: 5cc16d69a5305ad91a8d5c6986313589
- SHA1: b5e1ab1f76993f5dc99d7d647ac1b69cc29eb37f
- SHA256: 71db72fdf67af76d080be2a30e8492469b63a48023286aa72ed83a322b45bfe1
- SHA512: 8c0c523628a6f7886a1d7e125bb333b30798a5a06fd91ddab5243d98de80376bb62913a476f1afcbb5a89baf48e9a75fd25d83ac7e3a2e0edf0ae78351bba9bf
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: USD44,680.85 Payment against invoice 16.07.2020.PDF.exe
- Resource: win7v200430
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.alhaseebcorp.com
- Port: 587
- Username: [email protected]
- Password: FRO#/kLtinG@123
Targets
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext