General
Target: UAE CHEMEX PPMC.exe
Size: 1.2MB
Sample: 210115-9dgf9dpxqe
MD5: 4dd78c1ea5d93a976b11b3ad2aecdb38
SHA1: 7b317cea1615eecf32c72911db9dc8e726558c81
SHA256: 144c28f64d5e23966923a2a0c779286494f27b3fba1ccde62731d861d7852461
SHA512: f8e026a4116ea4b7055c5856d438d716cc9e0d12a7ed8e0767f8fa529b334eb4316a24fec250a2932d99234a7725614c3121861e4dd67885a3a460643bf4b5ec
Static task: static1
Behavioral task: behavioral1
  Sample: UAE CHEMEX PPMC.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: UAE CHEMEX PPMC.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.kaypan.com
Port: 587
Username: accounts@kaypan.com
Password: Accounts@584
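The extracted configuration above is the sample's exfiltration channel: stolen data is mailed through the attacker-controlled SMTP account, so the host, port and username are directly usable as network indicators. The following is an added example (not part of the sandbox report and not Agent Tesla code) that parses the one-line config form the sandbox emits, then cross-references it against a connection log and the client side of an SMTP session. The log format, the transcript, the source addresses and the hostname in the second log line are constructed for the example; the AUTH LOGIN base64 lines encode the credentials reported above.

```python
import base64
import re

# The extracted config as reported, in the one-line "Key: value - Key: value" form.
REPORTED_CONFIG_LINE = ("Protocol: smtp - Host: smtp.kaypan.com - Port: 587 "
                        "- Username: accounts@kaypan.com - Password: Accounts@584")

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
_KEYS = "|".join(FIELDS)
# Value runs until the next "- Key:" token or end of line, so it survives missing spaces
# ("smtp- Host:") and values that contain dashes.
_FIELD_RE = re.compile(r"(?P<key>" + _KEYS + r"):\s*(?P<val>.*?)\s*(?=-\s*(?:" + _KEYS + r"):|$)")


def parse_extracted_config(line):
    """Turn the sandbox's one-line config into a dict with lowercase keys; Port becomes an int."""
    cfg = {m.group("key").lower(): m.group("val") for m in _FIELD_RE.finditer(line)}
    cfg["port"] = int(cfg["port"])
    return cfg


def smtp_auth_credentials(client_lines):
    """Recover (user, password) pairs from the client side of an SMTP session.

    Handles AUTH PLAIN (one base64 blob: authzid\\0authcid\\0password) and
    AUTH LOGIN (username and password as two follow-up base64 lines).
    Only works on cleartext sessions or TLS-decrypted captures; after a
    successful STARTTLS the AUTH exchange is encrypted on the wire.
    """
    lines = [l.strip() for l in client_lines]
    creds = []
    i = 0
    while i < len(lines):
        upper = lines[i].upper()
        if upper.startswith("AUTH PLAIN "):
            parts = base64.b64decode(lines[i].split(None, 2)[2]).split(b"\x00")
            if len(parts) == 3:
                creds.append((parts[1].decode("utf-8", "replace"), parts[2].decode("utf-8", "replace")))
        elif upper == "AUTH LOGIN" and i + 2 < len(lines):
            user = base64.b64decode(lines[i + 1]).decode("utf-8", "replace")
            pw = base64.b64decode(lines[i + 2]).decode("utf-8", "replace")
            creds.append((user, pw))
            i += 2
        i += 1
    return creds


# Constructed connection log (key=value per line) and client-side SMTP transcript.
CONN_LOG = [
    "ts=1610700120 src=10.20.4.57 dst_host=smtp.kaypan.com dst_port=587 proto=tcp",
    "ts=1610700121 src=10.20.4.57 dst_host=login.microsoftonline.com dst_port=443 proto=tcp",
    "ts=1610700200 src=10.20.4.88 dst_host=smtp.kaypan.com dst_port=25 proto=tcp",
]
CLIENT_TRANSCRIPT = [
    "EHLO DESKTOP-7F3K2Q",
    "AUTH LOGIN",
    "YWNjb3VudHNAa2F5cGFuLmNvbQ==",   # base64("accounts@kaypan.com")
    "QWNjb3VudHNANTg0",               # base64("Accounts@584")
    "MAIL FROM:<accounts@kaypan.com>",
    "RCPT TO:<accounts@kaypan.com>",
    "DATA",
]


def find_exfil_indicators(cfg, conn_log, client_lines):
    """Report connections to the configured mail host and any AUTH using the configured account."""
    hits = []
    for line in conn_log:
        f = dict(kv.split("=", 1) for kv in line.split())
        if f.get("dst_host", "").lower() == cfg["host"].lower():
            # The domain itself is the indicator; a different port is still worth a look.
            note = "" if int(f.get("dst_port", -1)) == cfg["port"] else " (port differs from config)"
            hits.append(f"{f['src']} -> {f['dst_host']}:{f['dst_port']}{note}")
    for user, pw in smtp_auth_credentials(client_lines):
        if user.lower() == cfg["username"].lower():
            state = "matches" if pw == cfg["password"] else "differs from"
            hits.append(f"SMTP AUTH as {user}, password {state} extracted config")
    return hits


if __name__ == "__main__":
    config = parse_extracted_config(REPORTED_CONFIG_LINE)
    for hit in find_exfil_indicators(config, CONN_LOG, CLIENT_TRANSCRIPT):
        print(hit)
```

The credentials belong to the attacker's mailbox, not the victim's; they are useful for correlating captures and for abuse reports to the mail provider, not for logging in. Block the host at the egress proxy or firewall and alert on any workstation opening port 587 to a mail server that is not the organisation's own.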
Targets
Target: UAE CHEMEX PPMC.exe
Size: 1.2MB
MD5: 4dd78c1ea5d93a976b11b3ad2aecdb38
SHA1: 7b317cea1615eecf32c72911db9dc8e726558c81
SHA256: 144c28f64d5e23966923a2a0c779286494f27b3fba1ccde62731d861d7852461
SHA512: f8e026a4116ea4b7055c5856d438d716cc9e0d12a7ed8e0767f8fa529b334eb4316a24fec250a2932d99234a7725614c3121861e4dd67885a3a460643bf4b5ec
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.

Adds Run key to start application
Registers the sample under a CurrentVersion\Run registry key so it is launched again at user logon (persistence).

Suspicious use of SetThreadContext
Rewriting another thread's context is a common step in process hollowing and other code-injection techniques, where execution is redirected into an injected payload.
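The Run-key signature above is the sample's persistence mechanism. As an added example (not from the report or the sandbox), the following Python parses an exported `.reg` snippet of a user Run key and flags entries that point into user-writable directories or reuse the name of a Windows system binary, which is how such entries usually stand out during triage. The registry export, the value names and the paths are constructed for the example; the report does not state which name or path this sample used.

```python
import re

# Constructed .reg-style export of a user Run key (example data, not from the report).
SAMPLE_REG_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\Updater\\Updater.exe"
"svchost"="\"C:\\Users\\victim\\AppData\\Local\\Temp\\svchost.exe\""
"""

# Directories an ordinary user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Public|ProgramData)\\", re.I)
# Names that only belong to binaries under the Windows directory.
MASQUERADE = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def parse_run_values(reg_text):
    """Return {value name: command} for every value under a Run/RunOnce key in a .reg export."""
    values = {}
    in_run_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line.lower().rstrip("]")
            in_run_key = any(key.endswith(s) for s in RUN_KEY_SUFFIXES)
            continue
        if not in_run_key or not line.startswith('"'):
            continue
        m = re.match(r'"(.+?)"="(.*)"$', line)
        if not m:
            continue
        name, data = m.groups()
        # .reg files escape embedded quotes as \" and backslashes as \\ inside string data.
        values[name] = data.replace('\\"', '"').replace("\\\\", "\\")
    return values


def _executable(command):
    """Strip arguments: a quoted path ends at the closing quote, an unquoted one at the first space."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def flag_suspicious(values):
    """Return [(value name, executable, [reasons])] for Run entries worth a closer look."""
    findings = []
    for name, command in values.items():
        exe = _executable(command)
        reasons = []
        if USER_WRITABLE.search(exe):
            reasons.append("binary in user-writable location")
        if exe.rsplit("\\", 1)[-1].lower() in MASQUERADE:
            reasons.append("masquerades as a Windows system binary name")
        if reasons:
            findings.append((name, exe, reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in flag_suspicious(parse_run_values(SAMPLE_REG_EXPORT)):
        print(f"{name}: {exe} -> {', '.join(reasons)}")
```

On a live host the same logic applies to the output of `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKLM equivalent); pair any hit with the file's hash so it can be compared against the values in the report.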