General
Target: PURCHASE ORDER.exe
Size: 480KB
Sample: 200731-f25l4edala
MD5: 68a39c3c66241675061f8d052c6fe4e7
SHA1: 4cf37ba99dd0a55045c2985b37a5fe64ef363120
SHA256: f5bc5555d6b03bad237a916d07e05148d44cae649e932726a15ea1595fa60f4b
SHA512: 38318fc371040bdcdc6bd313b57b5e26eb7cec31b62e0d36882cb105cd3d6d7adb2dedc995b257a21589201be4ade904dd7d3b09f5e26d1062767eb97f542d39
Static task: static1
Behavioral task: behavioral1, sample PURCHASE ORDER.exe, resource win7
Behavioral task: behavioral2, sample PURCHASE ORDER.exe, resource win10
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: g.gregori@selintt.com
Password: BetIyxQ6
This is the stealer's exfiltration channel: harvested credentials are sent as mail through the configured SMTP submission server (port 587, normally STARTTLS) using the embedded account. The account is attacker-controlled and belongs in the IOC set, not in anyone's mail client.
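Turning the extracted config into something a network team can act on, as an added example that is not part of the sandbox report: the Python below parses the config line in the form the sandbox prints it, then correlates constructed Zeek-style dns.log and conn.log records so that any flow to an address the exfil host resolved to is flagged. The flow IDs, client addresses and the resolved addresses 203.0.113.25 and 198.51.100.7 are made up for the example (documentation ranges); the page does not say what the name resolved to at detonation time.

```python
import re
from typing import Dict, List, Set

# AgentTesla SMTP config exactly as extracted in the report above.
EXTRACTED_CONFIG = (
    "Protocol: smtp - Host: us2.smtp.mailhostbox.com - Port: 587 "
    "- Username: g.gregori@selintt.com - Password: BetIyxQ6"
)

# Constructed Zeek-style dns.log and conn.log excerpts (tab-separated, a
# subset of the real fields: ts, uid, client, query, answer for DNS and
# ts, uid, src, sport, dst, dport, proto for conn). The addresses are
# documentation-range placeholders, not the server's real address.
DNS_LOG = (
    "1596190001.1\tCq1a\t10.0.0.12\tus2.smtp.mailhostbox.com\t203.0.113.25\n"
    "1596190002.4\tCq1b\t10.0.0.12\twww.example.com\t198.51.100.7\n"
)
CONN_LOG = (
    "1596190003.0\tCc1a\t10.0.0.12\t49812\t203.0.113.25\t587\ttcp\n"
    "1596190004.0\tCc1b\t10.0.0.12\t49813\t198.51.100.7\t443\ttcp\n"
    "1596190005.0\tCc1c\t10.0.0.13\t49901\t203.0.113.25\t25\ttcp\n"
)


def parse_agenttesla_config(text: str) -> Dict[str, str]:
    """Split the sandbox's 'Key: value - Key: value' line into a dict.

    Each value runs to the next whitespace, which is enough for the
    report above; a password containing a space would need a stricter
    split on the ' - ' separator.
    """
    return {m.group(1).lower(): m.group(2)
            for m in re.finditer(r"(\w+):\s*(\S+)", text)}


def resolved_addresses(dns_log: str, hostname: str) -> Set[str]:
    """Collect every answer monitored clients received for the exfil name."""
    ips = set()
    for line in dns_log.splitlines():
        if not line.strip():
            continue
        _ts, _uid, _client, query, answer = line.split("\t")
        if query.lower().rstrip(".") == hostname.lower():
            ips.add(answer)
    return ips


def find_exfil_connections(dns_log: str, conn_log: str,
                           iocs: Dict[str, str]) -> List[Dict[str, object]]:
    """Flag flows to any address the exfil host resolved to.

    A host+port match is the configured submission channel; a host-only
    match (same server, other port) is still worth a look, since the same
    mail server usually also listens on 25 or 465.
    """
    host = iocs["host"]
    port = int(iocs["port"])
    ips = resolved_addresses(dns_log, host)
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, uid, src, _sport, dst, dport, _proto = line.split("\t")
        if dst not in ips:
            continue
        hits.append({
            "uid": uid,
            "src": src,
            "dst": dst,
            "dport": int(dport),
            "host": host,
            "match": "host+port" if int(dport) == port else "host-only",
        })
    return hits


if __name__ == "__main__":
    iocs = parse_agenttesla_config(EXTRACTED_CONFIG)
    for hit in find_exfil_connections(DNS_LOG, CONN_LOG, iocs):
        print(f"{hit['src']} -> {hit['host']} ({hit['dst']}:{hit['dport']}) "
              f"uid={hit['uid']} {hit['match']}")
```

Because submission on 587 negotiates STARTTLS, payload inspection will usually not show the stolen data; the name lookup plus the destination is the durable network indicator, and on the host the tell is an unrecognised binary (here PURCHASE ORDER.exe) resolving a mailhostbox name at all.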
Targets
Target: PURCHASE ORDER.exe (480KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); it harvests saved credentials from browsers, email clients and FTP clients and exfiltrates them over SMTP, FTP or HTTP.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml, which hold saved server logins).
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another process is a common step in process hollowing and related injection: the hijacked thread's instruction pointer is redirected to the injected payload before the thread is resumed.
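The three "reads data of ..." signatures above describe one host-side pattern: a single unfamiliar binary touching the credential stores of several unrelated applications. As an added example that is not part of the report, the Python below runs that check over constructed file-access events in the shape an EDR or Windows object-access auditing (event 4663) would produce; Sysmon does not record file reads by default, so this needs one of those sources. The store list is an illustrative subset written for the example, and the event lines, user name and paths are made up to match the behaviours the signatures describe.

```python
import fnmatch
import ntpath
from collections import defaultdict
from typing import Dict, List

# Credential stores of the kind the signatures describe, with the process
# that legitimately owns each. Globs are matched case-insensitively against
# the full Windows path. Illustrative subset for this example, not data
# recovered from the sample.
CREDENTIAL_STORES = [
    ("FileZilla site manager",
     r"*\AppData\Roaming\FileZilla\sitemanager.xml", {"filezilla.exe"}),
    ("FileZilla recent servers",
     r"*\AppData\Roaming\FileZilla\recentservers.xml", {"filezilla.exe"}),
    ("Thunderbird saved logins",
     r"*\AppData\Roaming\Thunderbird\Profiles\*\logins.json", {"thunderbird.exe"}),
    ("Chrome saved logins",
     r"*\AppData\Local\Google\Chrome\User Data\*\Login Data", {"chrome.exe"}),
    ("Firefox saved logins",
     r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json", {"firefox.exe"}),
]

# Constructed file-access events: time|process image|file|access. The first
# three lines model the sample's behaviour; the last two are benign activity
# (the owning application reading its own store, and an unrelated file)
# included so the filter has something to ignore.
EVENTS = r"""
2020-07-31T09:12:01Z|C:\Users\alice\Desktop\PURCHASE ORDER.exe|C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml|READ
2020-07-31T09:12:01Z|C:\Users\alice\Desktop\PURCHASE ORDER.exe|C:\Users\alice\AppData\Roaming\FileZilla\recentservers.xml|READ
2020-07-31T09:12:02Z|C:\Users\alice\Desktop\PURCHASE ORDER.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data|READ
2020-07-31T09:15:40Z|C:\Program Files\FileZilla FTP Client\filezilla.exe|C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml|READ
2020-07-31T09:16:00Z|C:\Users\alice\Desktop\PURCHASE ORDER.exe|C:\Users\alice\Documents\notes.txt|READ
"""


def flag_credential_store_access(events: str) -> List[Dict[str, str]]:
    """Return each read of a known credential store by a process that does not own it."""
    hits = []
    for line in events.strip().splitlines():
        ts, image, path, _access = line.split("|")
        proc = ntpath.basename(image).lower()
        for store, pattern, owners in CREDENTIAL_STORES:
            if fnmatch.fnmatchcase(path.lower(), pattern.lower()) and proc not in owners:
                hits.append({"time": ts, "process": proc, "image": image,
                             "store": store, "path": path})
    return hits


def stores_per_process(hits: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group hits by process; one binary across several stores is the stealer pattern."""
    seen = defaultdict(set)
    for h in hits:
        seen[h["process"]].add(h["store"])
    return {proc: sorted(stores) for proc, stores in seen.items()}


if __name__ == "__main__":
    for proc, stores in stores_per_process(flag_credential_store_access(EVENTS)).items():
        print(f"{proc}: read {len(stores)} credential stores: {', '.join(stores)}")
```

A single store read by a foreign process is noisy on its own (backup agents and sync clients do it too); the useful alert threshold is one process reading stores owned by two or more different applications within a short window, which is what the grouping at the end exposes.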