General
-
Target
Recibo del envío.img
-
Size
1.5MB
-
Sample
210226-knv4zenkpj
-
MD5
882a3f397c0d63c08a51711af90438ac
-
SHA1
086870cdbef9b609daa54400372ed7b38f5e6e09
-
SHA256
98798287e65f13b729ddaffcef82fbf554877393829307b00d0f1872a94a88b2
-
SHA512
43058ba8cebe51b3fa1af0a0ac0909e5de420a30dc9423f9456ee4200bdd283d1e9d2425e34b2fbca8aed5e1f411870962ea635410d149e1ee68489e22cc2d94
Static task
static1
Behavioral task
behavioral1
Sample
RECIBO_D.EXE
Resource
win7v20201028
Behavioral task
behavioral2
Sample
RECIBO_D.EXE
Resource
win10v20201028
Malware Config
Targets
-
-
Target
RECIBO_D.EXE
-
Size
1000KB
-
MD5
30f590b7eac07fe6dc2da82d74cb7f01
-
SHA1
806e9df9cbe214445752e34f50392b5690209991
-
SHA256
53480d705948121a9bc2c0e0570b85b141b3e2044798f550fe8421fea55d5d70
-
SHA512
062d6e0fcda49649ac3fd6e55e6d8f91e7c2d4989219b535ccf0934fd058c9ad98b685de65a2d3c1ec99a77bbc500a705bcf8319d53af8aaf7be6cc0522c5f58
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-