General
-
Target
REQUEST FOR PROPOSAL - KHAI QUOC TDR-05052020.exe
-
Size
599KB
-
Sample
201109-lkvjy1rjan
-
MD5
99f2fcd36d14a8993a1f5af2cba8d2ed
-
SHA1
acfad8fb18e290240ddc2be6157057e2a89d5bb9
-
SHA256
27ef45a0e5db4ffe4e67ae3ce507aaf93e5618df7a12f1d443a5aea81cb2a895
-
SHA512
8fe37906c97bbc4f6b440deee253c7068b43e7f6a0363c014b542bca41d2231fda6454bbcfd99af67108b758a6ca515a9cb996ecabdde7e1b432bbed4772dcfd
Static task
static1
Behavioral task
behavioral1
Sample
REQUEST FOR PROPOSAL - KHAI QUOC TDR-05052020.exe
Resource
win7v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: terry.miller@rm-elactrical.com
Password: EQQDdWP2
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-