General
-
Target
Shipment Docs.exe
-
Size
513KB
-
Sample
220316-nl6phsbccr
-
MD5
73e5451011ebf24c6ff6b945adf6f443
-
SHA1
33cd90107c301a1dc51b13142160dda8dc525483
-
SHA256
5057d8b5104c79609ea7234da4d51f6883622ee5e3e1b660489d247b920f6d90
-
SHA512
d7d405511c78565ff71887a93d5f7da6df4b3314249b2f5457678c28f1d5748558eca57d5ee1daaee45f49a9aab6506150781a5304ac5abffd679ed2bc70d463
Malware Config
Extracted
Protocol: smtp- Host:
mail.indiacarpet.in - Port:
587 - Username:
[email protected] - Password:
india@12345
Targets
-
-
Target
Shipment Docs.exe
-
Size
513KB
-
MD5
73e5451011ebf24c6ff6b945adf6f443
-
SHA1
33cd90107c301a1dc51b13142160dda8dc525483
-
SHA256
5057d8b5104c79609ea7234da4d51f6883622ee5e3e1b660489d247b920f6d90
-
SHA512
d7d405511c78565ff71887a93d5f7da6df4b3314249b2f5457678c28f1d5748558eca57d5ee1daaee45f49a9aab6506150781a5304ac5abffd679ed2bc70d463
Score10/10-
suricata: ET MALWARE AgentTesla Exfil Via SMTP
suricata: ET MALWARE AgentTesla Exfil Via SMTP
-
Drops file in Drivers directory
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-