General
Target: DHL_Mar 2020 at 1.10_9B9290_PDF.exe
Size: 398KB
Sample: 201109-vl8re6jvle
MD5: c13fc10e4aa37fa3e976b96c0f1a0dc2
SHA1: e4846b2b6fd0e86d01a31d8f2725b685f5fea3a4
SHA256: 512081dd7ccc20821c4407ad3bf16a38a0ac1168515f45e34417a353b9044293
SHA512: c8e8231a5360fa256d54c66fa475e20ac2900421251921fce617852d3a8178ac0e3b0d0440971b01df02ab3f7e083f9674ebcb642df48803a8c7b518ca1d891c
Static task: static1
Behavioral task: behavioral1
Sample: DHL_Mar 2020 at 1.10_9B9290_PDF.exe
Resource: win7v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.copyrap.com
Port: 587
Username: marbella@copyrap.com
Password: marbella1597
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext