General
- Target: MRCSB Office Proposal201 #218B 20200505 ,pdf.exe
- Size: 786KB
- Sample: 201109-vqrladgtaa
- MD5: a45093f36387f1f4771866604f16456d
- SHA1: 57a12679e644430c8a0a75708821ba5c073d0b6d
- SHA256: 4421f642dd9caf0803c0be41afd29115599f419b34c1b5c8c054324212803752
- SHA512: 2a301a8e2ac34520e61e884ac3465ef8898ec5bc9316fa2f01733362e5ea32d9ad234e41bf86f2e8e420ed89a1cf28d24c8ee8542a14705066b1d6024084d769
Static task: static1
Behavioral task: behavioral1
- Sample: MRCSB Office Proposal201 #218B 20200505 ,pdf.exe
- Resource: win7v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: fletcherjohnsgt@gmail.com
- Password: moneymustdrop
Targets
- Target: MRCSB Office Proposal201 #218B 20200505 ,pdf.exe
- Size: 786KB
- MD5: a45093f36387f1f4771866604f16456d
- SHA1: 57a12679e644430c8a0a75708821ba5c073d0b6d
- SHA256: 4421f642dd9caf0803c0be41afd29115599f419b34c1b5c8c054324212803752
- SHA512: 2a301a8e2ac34520e61e884ac3465ef8898ec5bc9316fa2f01733362e5ea32d9ad234e41bf86f2e8e420ed89a1cf28d24c8ee8542a14705066b1d6024084d769
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext