General
-
Target
UAE CHEMEX RFQ.exe
-
Size
1.0MB
-
Sample
210115-8ffljdd4xx
-
MD5
a834d653ed2aa6504d365e066726d410
-
SHA1
a8aa316a5680e689997ccfe28bbffa01c3091b65
-
SHA256
d2900e5f43d302add8c33e39ac9949ea94e3b927a3d56611b60b8e81f4768fbd
-
SHA512
ae121223499fd4d46271caecebf51a0843ca3b0c6353da85f1f79e0773181915de94c8cc3353e9abadd8e6c653b62c8e3a87da97dac0f92f1605c91e0c956b8b
Static task
static1
Behavioral task
behavioral1
Sample
UAE CHEMEX RFQ.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
UAE CHEMEX RFQ.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.kaypan.com
Port: 587
Username: accounts@kaypan.com
Password: Accounts@584
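The extracted config above is the actor's collection mailbox: the sample sends stolen credentials as mail through smtp.kaypan.com on the submission port (587) using that account. The script below is an added example, not part of the sandbox report, showing what an analyst typically does with such a block: parse the flattened "Key: value - Key: value" text into fields, turn it into block/hunt indicators, and check a file on disk against the hashes listed in the report. The config text and hashes are copied from the report; the function names are the example's own.

```python
import hashlib
import re

# Extracted-config text exactly as the sandbox renders it (flattened onto a
# few lines with " - " separators).  Copied from the report above.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.kaypan.com - Port:
587 - Username:
accounts@kaypan.com - Password:
Accounts@584"""

# Hashes of the sample as listed in the report above.
REPORT_HASHES = {
    "md5": "a834d653ed2aa6504d365e066726d410",
    "sha1": "a8aa316a5680e689997ccfe28bbffa01c3091b65",
    "sha256": "d2900e5f43d302add8c33e39ac9949ea94e3b927a3d56611b60b8e81f4768fbd",
    "sha512": "ae121223499fd4d46271caecebf51a0843ca3b0c6353da85f1f79e0773181915"
              "de94c8cc3353e9abadd8e6c653b62c8e3a87da97dac0f92f1605c91e0c956b8b",
}


def parse_agenttesla_config(raw: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' text into a dict.

    Newlines are collapsed first; each value runs until the next '- Key:'
    separator or the end of the text.  Caveat: a password that itself
    contains '- word:' would be cut short, so compare against the raw text
    when a value looks truncated.
    """
    flat = " ".join(raw.split())
    pairs = re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat)
    return {key.lower(): value for key, value in pairs}


def exfil_indicators(cfg: dict) -> dict:
    """Derive blocking/hunting indicators from the parsed config."""
    return {
        # egress to block / alert on at the proxy or firewall
        "network": f"{cfg['host']}:{cfg['port']}/{cfg['protocol']}",
        # the actor's mailbox: useful for abuse reports to the mail provider
        "mailbox": cfg["username"],
        # 587 is the mail-submission port, so plain SMTP egress filtering
        # on port 25 alone would not catch this sample's traffic
        "port_is_submission": cfg["port"] == "587",
    }


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> set:
    """Return the names of the report hashes that match the given bytes."""
    computed = file_hashes(data)
    return {name for name, digest in REPORT_HASHES.items() if computed[name] == digest}


if __name__ == "__main__":
    import sys

    cfg = parse_agenttesla_config(RAW_CONFIG)
    print(exfil_indicators(cfg))
    if len(sys.argv) > 1:  # optional: path of a suspect file to compare
        with open(sys.argv[1], "rb") as fh:
            print("matching report hashes:", matches_report(fh.read()) or "none")
```

Run it with a file path as the first argument to compare that file against the report's hashes; with no argument it only prints the indicators derived from the config.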
Targets
-
-
Target
UAE CHEMEX RFQ.exe
-
Size
1.0MB
-
MD5
a834d653ed2aa6504d365e066726d410
-
SHA1
a8aa316a5680e689997ccfe28bbffa01c3091b65
-
SHA256
d2900e5f43d302add8c33e39ac9949ea94e3b927a3d56611b60b8e81f4768fbd
-
SHA512
ae121223499fd4d46271caecebf51a0843ca3b0c6353da85f1f79e0773181915de94c8cc3353e9abadd8e6c653b62c8e3a87da97dac0f92f1605c91e0c956b8b
-
AgentTesla
Agent Tesla is a .NET information stealer with remote access tool (RAT) features, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and FTP clients and, as the extracted config shows for this sample, exfiltrates them over SMTP through a hard-coded mail account.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, which stores saved server credentials in recentservers.xml and sitemanager.xml under %APPDATA%\FileZilla.
-
Reads user/profile data of local email clients
Email clients store account settings and saved passwords on disk (profile directories) and in the registry, where infostealers routinely target them.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved logins, cookies and autofill data.
-
Adds Run key to start application
Persistence: a value under HKCU\Software\Microsoft\Windows\CurrentVersion\Run (or the HKLM equivalent) relaunches the payload at every logon.
-
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the classic final step of process hollowing (RunPE): a legitimate process is created suspended, its image is replaced with the payload, and the main thread's instruction pointer is redirected to the injected code before it is resumed.
-
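The signatures above are behavioural: each is a rule over the API and file/registry activity the sandbox records. The block below is an added example (not the sandbox's own rule engine) that reproduces that detection logic over a constructed API trace in the shape a sandbox emits. The trace, the process IDs and the rule patterns are the example's own assumptions; the FileZilla, Chromium "Login Data", Thunderbird and Outlook locations it matches are real storage paths, but the lists are deliberately short and would be extended in practice.

```python
import re

# Constructed API trace (illustrative; not taken from the report).
# pid 1204 is the sample, pid 3388 a suspended child it has hollowed.
SAMPLE_EVENTS = [
    {"pid": 1204, "api": "RegSetValueExW",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\UAE CHEMEX RFQ"},
    {"pid": 1204, "api": "NtCreateFile",
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"pid": 1204, "api": "NtCreateFile",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1204, "api": "NtCreateFile",
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\profiles.ini"},
    {"pid": 1204, "api": "RegOpenKeyExW",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"},
    {"pid": 1204, "api": "SetThreadContext", "target_pid": 3388},
]

# Path patterns behind three of the signature names used on the page.
PATH_RULES = {
    "Reads data files stored by FTP clients": re.compile(
        r"\\FileZilla\\(recentservers|sitemanager|filezilla)\.xml$", re.I),
    "Reads user/profile data of local email clients": re.compile(
        r"\\(Thunderbird\\profiles\.ini|Microsoft\\Office\\[\d.]+\\Outlook\\Profiles)", re.I),
    "Reads user/profile data of web browsers": re.compile(
        r"\\User Data\\[^\\]+\\(Login Data|Cookies)$"
        r"|\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I),
}

# A Run-key *write* is persistence; merely reading the key (as installers and
# AV do) is not, so the API must be a value-setting call.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\[^\\]+$", re.I)
REG_WRITE_APIS = {"RegSetValueExW", "RegSetValueExA", "NtSetValueKey"}


def classify_events(events) -> set:
    """Return the set of signature names triggered by an API trace."""
    hits = set()
    for ev in events:
        api = ev.get("api")
        path = ev.get("path", "")
        for name, pattern in PATH_RULES.items():
            if pattern.search(path):
                hits.add(name)
        if api in REG_WRITE_APIS and RUN_KEY.search(path):
            hits.add("Adds Run key to start application")
        # SetThreadContext on a thread in *another* process is the hollowing
        # indicator; a process adjusting its own threads is ordinary.
        if api == "SetThreadContext" and ev.get("target_pid") not in (None, ev.get("pid")):
            hits.add("Suspicious use of SetThreadContext")
    return hits


if __name__ == "__main__":
    for name in sorted(classify_events(SAMPLE_EVENTS)):
        print("-", name)
```

Feeding a real sandbox's API log in this shape would reproduce the page's signature list for this sample; the two negative cases worth keeping in mind are a Run key that is only read, and SetThreadContext on the process's own threads, neither of which fires here.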