General
-
Target
Shipping Document PL&BL Draft.exe
-
Size
688KB
-
Sample
210306-se3w9mn2en
-
MD5
a9d446028c39a325f32407a20c4efb6e
-
SHA1
087ae77ace998067e1644f932246086dbbc841c1
-
SHA256
19036261b89b27743d0b8c2353751f57b256357525068f67b166608b1eb33268
-
SHA512
4cb4d1103e8687e9322ae3a02bf86c30d070a1094c1ce458bad1a17d610e3fad1a0c063b7f57f9668b0ed1f50e739a9cb209156885327c2999144c0e59c0eca7
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Document PL&BL Draft.exe
Resource
win7v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: sent@flood-protection.org
Password: kelex2424@
Targets
-
Target
Shipping Document PL&BL Draft.exe
-
Size
688KB
-
MD5
a9d446028c39a325f32407a20c4efb6e
-
SHA1
087ae77ace998067e1644f932246086dbbc841c1
-
SHA256
19036261b89b27743d0b8c2353751f57b256357525068f67b166608b1eb33268
-
SHA512
4cb4d1103e8687e9322ae3a02bf86c30d070a1094c1ce458bad1a17d610e3fad1a0c063b7f57f9668b0ed1f50e739a9cb209156885327c2999144c0e59c0eca7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar information.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-