General
Target: Request_for_Quotation_For_Tender_No_4466839.exe
Size: 612KB
Sample: 200919-1hzwppcyzx
MD5: 0e6172f9e849b709f365f06a7c13346d
SHA1: 5715e9d57867f2a879e22e7ec8c1a43d764f308a
SHA256: 125203c92ab4db76de740b9cb2ce5908bbf6ee86864855a4903e2d5c17953ad1
SHA512: 53fd6e368484ca0ec7288cd23d2a54893e0c2756e70afdc9896b43ead14d687d9afec9079dca0a3903840aea00e3c9fce574911a36fd07903310efd0db3872e6
Static task: static1
Behavioral task: behavioral1
Sample: Request_for_Quotation_For_Tender_No_4466839.exe
Resource: win7
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rastek.net
Port: 587
Username: sales@rastek.net
Password: pR2HbM(qQT6R
Targets
Target: Request_for_Quotation_For_Tender_No_4466839.exe
Size: 612KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, which infostealers often target.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.

Suspicious use of SetThreadContext