General
-
Target
Encomenda a Fornecedor nº 2177.exe
-
Size
637KB
-
Sample
200731-8eflt657ms
-
MD5
05fbb43cc400bde8bbe2906e2d80d3a1
-
SHA1
3c9c83a029cec65cb1a45f60aca45ca2eec9215f
-
SHA256
f67337d939b7a8d33762e080856099d05b5ff3404bc285f4dd249281289f57c8
-
SHA512
7e2f6a4acac158f81ce35993b374e2e919872399bf32ce0850ecc042eb85c6c8651f0ed2f863771a2d139f499bb35ad7d26fe61f70270f753481b405e6c94eb5
Static task
static1
Behavioral task
behavioral1
Sample
Encomenda a Fornecedor nº 2177.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
Encomenda a Fornecedor nº 2177.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.gruppoei.tk
Port: 587
Username: helpwith@gruppoei.tk
Password: fC%ROLz}R,(*
Targets
-
Target
Encomenda a Fornecedor nº 2177.exe
-
Size
637KB
-
MD5
05fbb43cc400bde8bbe2906e2d80d3a1
-
SHA1
3c9c83a029cec65cb1a45f60aca45ca2eec9215f
-
SHA256
f67337d939b7a8d33762e080856099d05b5ff3404bc285f4dd249281289f57c8
-
SHA512
7e2f6a4acac158f81ce35993b374e2e919872399bf32ce0850ecc042eb85c6c8651f0ed2f863771a2d139f499bb35ad7d26fe61f70270f753481b405e6c94eb5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Drops startup file
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-