General

Target: DOC04121993.exe
Size: 955KB
Sample: 201121-mr5mqjcm8a
MD5: 710843b45a8e65c939d3ab4fb96d73e4
SHA1: 909799ac70c5a8a472b40579ff0c5bc982979676
SHA256: d0ea8610ecee6c92c50af51c37a0a49f8550768609a08a5a2dcaf98bb06dcff3
SHA512: 04508620bcb1d8406cddcd0ae1dd9f0c31f27ad6e5c140fba402a0c5951901ae62e0f006a35e897f101cac36849981b8379585f906c5db0ef8f4686e7fb8acbc

Static task: static1
Behavioral task: behavioral1
Sample: DOC04121993.exe
Resource: win7v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.hybridgroupco.com
Port: 587
Username: info@hybridgroupco.com
Password: Obinna123@@@
Targets

Target: DOC04121993.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Drops startup file

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext