General
Target: Shipping Details_PDF.rar
Size: 1.0MB
Sample: 210119-a9q7bnl8pe
MD5: c0dd2e6afe5ce86101ddd7c89f790b30
SHA1: da0d6799f67eb472d8c10f63b4050b012b1cfac4
SHA256: 18669ba5c1ec3ab4fabe4164f1dfe5b0c69adb267db694ec419de8f1574fade1
SHA512: b5509bac5e1bf2808a5955d811b7884edd256ede6d17f26882bd552803237d2de6eafc10628012e8079ed89f094858666f6f5f1c70c198fb8c6750af3264aaca
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping Details_PDF.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Shipping Details_PDF.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.krishnalandrenzo.com
Port: 587
Username: amitkhanna@krishnalandrenzo.com
Password: valen@08
Targets
Target: Shipping Details_PDF.exe
Size: 1.4MB
MD5: 0db3278cf7aa8a0532da9fb9082b61f9
SHA1: 875aaeccabe30550d9902ec749d511365e4bf652
SHA256: 80f4f76ea0e48a8de2d534286cf244562c938e595b10f2f92329bf57f379cc5f
SHA512: 930e7c4caff53476db51207740bbde90c37558f9499d0b9542dc9e17062c3cab45a8424232a7f1ac49cc7ba258d31e3dda3fe7fb8903561f0e15a56c20abf4b4
Score: 10/10
Signatures:
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext