General
Target: FedEx Receipt.exe
Size: 1.4MB
Sample: 210120-kgg9b2hmxe
MD5: 1f6d229ec85595854602233ac2d16e0f
SHA1: 2d761403aeef09d51057dafa64fe9fe2b382d6e8
SHA256: 5c1acbd40fb6b82586354bd863d53e71d6cbc6f6271f0f8da6f3692c4446ebe6
SHA512: 246e3968cb5ca1907886946cd270046d934140e21ed9085eec1534f6527b81b272fbfbedb6e206ba8f90967d8313d74e2eab512b3b084614a9e1dc1784d4bcbf
Static task: static1
Behavioral task: behavioral1 (Sample: FedEx Receipt.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: FedEx Receipt.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.aepmarinesparts.com
Port: 587
Username: n.louter@aepmarinesparts.com
Password: NtKyM*p4
Targets
Target: FedEx Receipt.exe
Size: 1.4MB
MD5: 1f6d229ec85595854602233ac2d16e0f
SHA1: 2d761403aeef09d51057dafa64fe9fe2b382d6e8
SHA256: 5c1acbd40fb6b82586354bd863d53e71d6cbc6f6271f0f8da6f3692c4446ebe6
SHA512: 246e3968cb5ca1907886946cd270046d934140e21ed9085eec1534f6527b81b272fbfbedb6e206ba8f90967d8313d74e2eab512b3b084614a9e1dc1784d4bcbf
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext