General
Target: FedEx-Shipment-90161131174.jar
Size: 1.1MB
Sample: 210126-fq96sbthcj
MD5: d859cc795a33d10f2bd6c778f25403f7
SHA1: 5500c896c9776be9e73be2c3612ed9956b39befa
SHA256: 77a7c0820a20e387e47484af08143b95dbb370113f7800f6e8ef19857ad92e22
SHA512: 2d3b5753373a184ba20a35b838fcb36257c318a0a4430f76729f002cf08e850f5ade0931f9f63dc401e834a1cd88cc55bb7336575319a4664c422a5572dbc018
Static task: static1
Behavioral task: behavioral1
Sample: FedEx-Shipment-90161131174.jar
Resource: win7v20201028
Behavioral task: behavioral2
Sample: FedEx-Shipment-90161131174.jar
Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.pexonteam.rs
Port: 587
Username: [email protected]
Password: Mdn7dRsJ[7q}
Targets
Target: FedEx-Shipment-90161131174.jar
Size: 1.1MB
MD5: d859cc795a33d10f2bd6c778f25403f7
SHA1: 5500c896c9776be9e73be2c3612ed9956b39befa
SHA256: 77a7c0820a20e387e47484af08143b95dbb370113f7800f6e8ef19857ad92e22
SHA512: 2d3b5753373a184ba20a35b838fcb36257c318a0a4430f76729f002cf08e850f5ade0931f9f63dc401e834a1cd88cc55bb7336575319a4664c422a5572dbc018
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Executes dropped EXE
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar data.
Suspicious use of SetThreadContext