General
Target: REQUEST FOR QUOTATION MV PAVINO TRADER.exe
Size: 466KB
Sample: 201109-vmtce1gvfs
MD5: 714533814adecf2a707d8292647e4cd7
SHA1: 8916de8ce4af1ff7411edaaa446c50e2e537ca84
SHA256: 16a372b8bf67ed98f8065274e22b1c36ad0b0a6fbd8a8a4a4afb0e9b07665612
SHA512: 68d260f432d53b8208fd8bc18a7b24f7b8898fcf158406d4b8c5b7762a91ed12879749524bba6ddd1f5daf8ded5c69d643e95a9ce35ce1871f4319ef77eb485d
Static task: static1
Behavioral task: behavioral1
Sample: REQUEST FOR QUOTATION MV PAVINO TRADER.exe
Resource: win7v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: info.pana@yandex.com
Password: user@12345
Targets
Target: REQUEST FOR QUOTATION MV PAVINO TRADER.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures
AgentTesla Payload
Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
Suspicious use of SetThreadContext