General

Target: MV CHINALAND TBN.zip
Size: 517KB
Sample: 210226-f25rx9xwpj
MD5: 34b34da9d9f16e5e542ab12cd6251b87
SHA1: 742ed131fac123812994ed768b6845476b42109f
SHA256: 939d3ab93d3ed0220d060e259eaafacea5851e6a66c7cc0002582bac24c88e4e
SHA512: f999c4f9a6d7a5477625183f7489305705ba9d62062a7ad50dfaa349f0b5a2b1ef96d365e2f56c2e0e10fba71b8a7e33c1e029ffe6684644ce0e51c52fbee892
Static task: static1

Behavioral task: behavioral1
Sample: MV CHINALAND TBN.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: MV CHINALAND TBN.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.indiaflanges.com
Port: 587
Username: [email protected]
Password: dvdxq;nx{(MV5@m
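The extracted configuration is an exfiltration channel: the stealer submits its harvested credentials by SMTP to mail.indiaflanges.com on port 587. The Python below is an added example and not part of the sandbox report: it parses the config block as shown above, pivots from the hostname through a DNS log to the addresses it resolved to, and flags connections to those addresses on the configured port. The Zeek-style dns and conn records, the source hosts 10.0.0.15 and 10.0.0.22 and the resolved address 203.0.113.25 are constructed for the example; the Suricata rule text and sid are mine, not from the report.

```python
import re

# Extracted configuration, copied verbatim from the sandbox report above.
# The report redacts the SMTP username as "[email protected]".
RAW_CONFIG = """Protocol: smtp
Host: mail.indiaflanges.com
Port: 587
Username: [email protected]
Password: dvdxq;nx{(MV5@m"""


def parse_config(raw):
    """Parse the report's 'Key: value' lines into a dict; port becomes an int."""
    cfg = {}
    for line in raw.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


# Constructed Zeek-style records (not from the report): the workstation
# resolves the exfil host, then connects to the returned address on 587.
SAMPLE_DNS_LOG = [
    {"ts": 1614330001.1, "id.orig_h": "10.0.0.15", "query": "www.example.net", "answers": ["198.51.100.7"]},
    {"ts": 1614330005.4, "id.orig_h": "10.0.0.15", "query": "mail.indiaflanges.com", "answers": ["203.0.113.25"]},
]
SAMPLE_CONN_LOG = [
    {"ts": 1614330005.9, "id.orig_h": "10.0.0.15", "id.resp_h": "203.0.113.25", "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
    {"ts": 1614330006.2, "id.orig_h": "10.0.0.15", "id.resp_h": "198.51.100.7", "id.resp_p": 443, "proto": "tcp", "service": "ssl"},
    {"ts": 1614330100.0, "id.orig_h": "10.0.0.22", "id.resp_h": "203.0.113.25", "id.resp_p": 25, "proto": "tcp", "service": "smtp"},
]


def resolved_addresses(cfg, dns_log):
    """Every address the configured host resolved to, according to the DNS log."""
    host = cfg["host"].lower().rstrip(".")
    addrs = set()
    for rec in dns_log:
        if rec.get("query", "").lower().rstrip(".") == host:
            addrs.update(rec.get("answers", []))
    return addrs


def find_exfil_connections(cfg, dns_log, conn_log):
    """Connections to a resolved address of the exfil host on the configured port."""
    addrs = resolved_addresses(cfg, dns_log)
    hits = []
    for c in conn_log:
        if c["id.resp_h"] in addrs and c["id.resp_p"] == cfg["port"]:
            hits.append({"ts": c["ts"], "src": c["id.orig_h"], "dst": c["id.resp_h"], "port": c["id.resp_p"]})
    return hits


def suricata_dns_rule(cfg, sid):
    """Suricata rule that alerts on any lookup of the exfil host (sid is a placeholder)."""
    return ('alert dns $HOME_NET any -> any any (msg:"AgentTesla SMTP exfil host lookup"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (cfg["host"], sid))


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    for hit in find_exfil_connections(cfg, SAMPLE_DNS_LOG, SAMPLE_CONN_LOG):
        print("exfil connection:", hit)
    print(suricata_dns_rule(cfg, 1000001))
```

Port 587 is a submission port that normally negotiates STARTTLS, so the AUTH exchange and the stolen data are encrypted once the session is up; the DNS lookup and the TCP connection are what remain visible, which is why the example keys on those. The 10.0.0.22 record to the same host on port 25 is deliberately not matched by the strict port check; when hunting, widen to any port on the resolved addresses.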
Targets

Target: MV CHINALAND TBN.exe
Size: 547KB
MD5: 9c290b429cdb18f382f775fae362e40f
SHA1: cf278ae7ad7ee6ebdfab4640d27411154390566e
SHA256: cf73c28bdca35a0de6f6b171d08228dbf54938c34a0bb445cbe4d36df11c676f
SHA512: 04ab31d7f8baf6f41d38ebdbe194ab7c0145998ca40fc4a54473804d8a291259609e4e09a649f40be2f3d1441d6b4cbf6a37fa3be75c10a21339987e95b27f5f
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.

AgentTesla Payload

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml, which hold saved server logins).

Reads user/profile data of local email clients
Email clients store account settings and saved credentials on disk and in the registry, which infostealers routinely harvest.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and form history.

Adds Run key to start application
A value written under a CurrentVersion\Run key relaunches the sample at the next user logon (persistence).

Suspicious use of SetThreadContext
SetThreadContext is the call that points a suspended thread at injected code, the tell-tale step of process hollowing.
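The behaviours listed above are what a host-side hunt should look for. The Python below is an added example and not part of the report: it classifies Sysmon-style events for execution of the sample (Event ID 1, hash match against the report's SHA256), a process spawned by the sample (the closest Sysmon-visible artefact of SetThreadContext-based hollowing, since the API call itself is not logged), and a value set directly under a Run or RunOnce key (Event ID 13). The events, the host name WS01, the user path under C:\Users\alice and the Run value name HypotheticalName are constructed; the FTP, mail-client and browser file reads are left out because Sysmon does not log file reads.

```python
import re

# IOCs taken from the report above.
SAMPLE_NAME = "MV CHINALAND TBN.exe"
SAMPLE_SHA256 = "cf73c28bdca35a0de6f6b171d08228dbf54938c34a0bb445cbe4d36df11c676f"

# A value written directly under a Run or RunOnce key (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'SHA256=...,MD5=...' Hashes field into {algo: hexdigest}."""
    hashes = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if value:
            hashes[algo.strip().upper()] = value.strip().lower()
    return hashes


def classify(event):
    """Findings for one Sysmon event as a list of (kind, detail) tuples."""
    findings = []
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == 1:  # ProcessCreate
        if parse_sysmon_hashes(event.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
            findings.append(("known_sample_executed", image))
        # SetThreadContext is not logged by Sysmon; a process started by the
        # sample is the visible precursor of hollowing and worth a look.
        if event.get("ParentImage", "").lower().endswith(SAMPLE_NAME.lower()):
            findings.append(("child_of_sample", image))
    elif eid == 13 and event.get("EventType") == "SetValue":  # RegistryEvent
        target = event.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            findings.append(("run_key_persistence", target))
    return findings


def hunt(events):
    """(Computer, kind, detail) for every finding across a batch of events."""
    return [(e["Computer"], kind, detail) for e in events for kind, detail in classify(e)]


# Constructed Sysmon events (not from the report). The hollowing child here is
# a second copy of the sample; the Run value name is made up.
SAMPLE_PATH = r"C:\Users\alice\Downloads\MV CHINALAND TBN.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
    {"EventID": 1, "Computer": "WS01", "Image": SAMPLE_PATH,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "MD5=9c290b429cdb18f382f775fae362e40f,SHA256=" + SAMPLE_SHA256},
    {"EventID": 1, "Computer": "WS01", "Image": SAMPLE_PATH,
     "ParentImage": SAMPLE_PATH,
     "Hashes": "SHA256=" + SAMPLE_SHA256},
    {"EventID": 13, "Computer": "WS01", "EventType": "SetValue", "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\HypotheticalName",
     "Details": r"C:\Users\alice\AppData\Roaming\HypotheticalName.exe"},
    {"EventID": 13, "Computer": "WS01", "EventType": "SetValue", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Run-key writes are not malicious on their own (installers and updaters do the same), so the finding is meant to be triaged by the writing Image and by the path in Details rather than alerted on blindly; the hash match and the self-spawn are the strong signals, and a hit on all three from one host is the report's behaviour reproduced on that host.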