General
-
Target
DHL CONSIGNMENT.exe
-
Size
731KB
-
Sample
201109-vp5w8ry7h2
-
MD5
cdee0c3096c64862a35873bcc232105f
-
SHA1
ee0adf4e6dffcb118b8a8cdd40b310e9c12a5507
-
SHA256
246366b847f40185b79d4b7dccd159a0ea49b16043baa6c2898ad6dc88fcf0a0
-
SHA512
a44123fc5a5a80edae2e5a758305e8ceba4903ae87458ceddd69db1f480000c3ca48e3d0c1d1af33ab8265ea289af9dbdeec3d331032633cf6c04d2518d60840
Static task
static1
Behavioral task
behavioral1
Sample
DHL CONSIGNMENT.exe
Resource
win7v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.anding-tw.com - Port:
587 - Username:
ahmed@anding-tw.com - Password:
f$Y$20vPan*h
Targets
-
-
Target
DHL CONSIGNMENT.exe
-
Size
731KB
-
MD5
cdee0c3096c64862a35873bcc232105f
-
SHA1
ee0adf4e6dffcb118b8a8cdd40b310e9c12a5507
-
SHA256
246366b847f40185b79d4b7dccd159a0ea49b16043baa6c2898ad6dc88fcf0a0
-
SHA512
a44123fc5a5a80edae2e5a758305e8ceba4903ae87458ceddd69db1f480000c3ca48e3d0c1d1af33ab8265ea289af9dbdeec3d331032633cf6c04d2518d60840
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-