General
- Target: SMC Req Offer # OCM 0607.9681_Pdf___.exe
- Size: 45KB
- Sample: 210226-1xkq3zahbj
- MD5: 0f3034828fbe3d0f96c1c43ec580b14e
- SHA1: 28333b6697758e1820b155b5e577d4e9dbd3d866
- SHA256: 551d67b12cc58bec536bf821dfb404b51fb9b390dbd7dd825b631a37cf7a0943
- SHA512: ea018aebea0c5c48846211cef31028fb99119dfa9b1a28a8a03d03509808aaa42a67ce843be67cd4862b99bd5069f43cc885d0f79780f2a44c5da7673311b6cd
Static task: static1
Behavioral task: behavioral1
- Sample: SMC Req Offer # OCM 0607.9681_Pdf___.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SMC Req Offer # OCM 0607.9681_Pdf___.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.p0lybrands.com
- Port: 587
- Username: [email protected]
- Password: MNOMcpt7
Targets
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext