General
-
Target
NEW URGENT PURCHASE ORDER PRODUCT LIST SHEET 003847 pdf.exe
-
Size
653KB
-
Sample
210126-e5y3nzpyc2
-
MD5
385d6f33fe7ba82671e222d92b2542f5
-
SHA1
6b1892a645c07ae16bfe1ed322602be5a1ffc90c
-
SHA256
738eadad6a96be79d6cb5d394226383d66bc48930fef5839d2ec031a3f19c5b8
-
SHA512
30d92adf8dd455781e7a6890c24d5efd5d9a1e3c78f6fa9f9b9bbda0318657df995d751a96039e0c881a75979ae2e507e45788dede1800bf322f2ae4fa002b2d
Static task
static1
Behavioral task
behavioral1
Sample
NEW URGENT PURCHASE ORDER PRODUCT LIST SHEET 003847 pdf.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
NEW URGENT PURCHASE ORDER PRODUCT LIST SHEET 003847 pdf.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.softg.com.ng/
Port: 21
Username: [email protected]
Password: wealth@123455@@
Targets
-
-
Target
NEW URGENT PURCHASE ORDER PRODUCT LIST SHEET 003847 pdf.exe
-
Size
653KB
-
MD5
385d6f33fe7ba82671e222d92b2542f5
-
SHA1
6b1892a645c07ae16bfe1ed322602be5a1ffc90c
-
SHA256
738eadad6a96be79d6cb5d394226383d66bc48930fef5839d2ec031a3f19c5b8
-
SHA512
30d92adf8dd455781e7a6890c24d5efd5d9a1e3c78f6fa9f9b9bbda0318657df995d751a96039e0c881a75979ae2e507e45788dede1800bf322f2ae4fa002b2d
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-