General
Target: pickup receipt,DOC.exe
Size: 754KB
Sample: 210120-eg17xxer2x
MD5: 15305eed3c883a3676fc491085a8a10d
SHA1: 0db30687fbe8fab485255ebee73ecf54fc136052
SHA256: 9696a44528dca762c88b2a88292d2fcb4a6ab16ce5ed1057a4faf2ba2c179d04
SHA512: 26ec7db496978d7d8f5518807d122ab5dd4cac84953eb2bfb5c15575242c7a404e5a137b15bce3d3201d1ad040a3802d3a9d09b850364d2e66a107d64cd2baa9
Static task: static1
Behavioral task: behavioral1 (Sample: pickup receipt,DOC.exe; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: pickup receipt,DOC.exe; Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: eazi@gdaslc.com
Password: mmm777
Targets
Target: pickup receipt,DOC.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar information.
Suspicious use of SetThreadContext