General
Target: PRODUCTS ON DEMAND AND 3D DRAWING.pif.exe
Size: 613KB
Sample: 201109-ldh3jqrqse
MD5: ca09aa667e4c36ba5b182ab8c0548882
SHA1: 64d92a31f0bc67565d22220ece3b8ab5a81d17d8
SHA256: 912773eb914dcc982732f98b82b37c8dd39700fdc52fe054656f30d0df7b9157
SHA512: 5b183abe5dc8f003b5124ae43f6ebd879301146f4c93d42163f5b414a46ba20ce25ca2fe6b2eca416597f2491e66f3f7699fed338f626a3fb571c1bdd7697513
Static task: static1

Behavioral task: behavioral1
  Sample: PRODUCTS ON DEMAND AND 3D DRAWING.pif.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: PRODUCTS ON DEMAND AND 3D DRAWING.pif.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: donkraus6@yandex.com
  Password: Chinedu2@
Targets
Target: PRODUCTS ON DEMAND AND 3D DRAWING.pif.exe (613KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application

Suspicious use of SetThreadContext