General
- Target: DHL CONSIGNMENT.exe
- Size: 618KB
- Sample: 201109-753yteaw3a
- MD5: 79fb855aaf091f26878c36f083003542
- SHA1: 2db4295fd44057bd343108b1551c90187e16b29d
- SHA256: 0cb9e417f6d669eb497a3c451a30744cbe7b4bb5f7acb01d55956e1021303d2a
- SHA512: 8574b2a01d12069e96e4c2c91504cb072e357ac17fd57030985e23dd0a3afad3d8b74c8e3c32850fcfe036ef1c4a4d1789ef44c4a47c1b85637f56d83a51f6e1
Static task
- static1
Behavioral task
- behavioral1
- Sample: DHL CONSIGNMENT.exe
- Resource: win7v20201028
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: smtp.anding-tw.com
- Port: 587
- Username: ahmed@anding-tw.com
- Password: f$Y$20vPan*h
Targets
- Target: DHL CONSIGNMENT.exe
- Size: 618KB
- MD5: 79fb855aaf091f26878c36f083003542
- SHA1: 2db4295fd44057bd343108b1551c90187e16b29d
- SHA256: 0cb9e417f6d669eb497a3c451a30744cbe7b4bb5f7acb01d55956e1021303d2a
- SHA512: 8574b2a01d12069e96e4c2c91504cb072e357ac17fd57030985e23dd0a3afad3d8b74c8e3c32850fcfe036ef1c4a4d1789ef44c4a47c1b85637f56d83a51f6e1
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext