General
Target: new_order_#5422_pdf_file.exe
Size: 1.4MB
Sample: 200624-67435znz9j
MD5: 5e346887d828f39b480f316159ee79b7
SHA1: be7441a3d826d83e545865986dde7abc6a522eec
SHA256: b01594842e3d5d79f262899e0eb357ea538a3f96145b77f102b4ea0ae531c3c6
SHA512: 0f7dc8d0b19b6a6bfbff5f769864692175c1e436c2c2e7e225d8d099c75005af55087c7b9ce16de525655dcd64b82cdc1fb2868d00c9fe9572c634b8187caf12
Static task: static1
Behavioral task: behavioral1 (sample new_order_#5422_pdf_file.exe, resource win7)
Behavioral task: behavioral2 (sample new_order_#5422_pdf_file.exe, resource win10)
Malware Config
Extracted
Protocol: smtp
Host: smtp.bazaarkonections.com
Port: 587
Username: manpreet@bazaarkonections.com
Password: P(OHw(*V4
These are the credentials the stealer uses to mail harvested data out over SMTP submission (port 587); the host and the sending account are the actionable network indicators from this run.
Targets
Target: new_order_#5422_pdf_file.exe
Size: 1.4MB
Score: 10/10
AgentTesla
Agent Tesla is a .NET information stealer with remote access tool (RAT) capabilities, originally written in Visual Basic.
- Drops file in Drivers directory
- Drops startup file
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: an API commonly used to redirect execution in a target thread during process hollowing or code injection.
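The extracted SMTP config and the behavioural signatures above each correspond to host or network telemetry an analyst can hunt for. The following is an added example, not part of the sandbox report or any vendor's code: it encodes the report's indicators and signatures as simple rules and runs them over a constructed, Sysmon-like event stream. The event field names, the file paths used for each signature, the process IDs and the constructed events are all assumptions for illustration; the sandbox does not publish its own matching logic.

```python
"""Replay of the sandbox signatures above as host-side detection rules.

Added example, not part of the sandbox report or any vendor's code. It
encodes the report's extracted SMTP config, file hashes and behavioural
signatures as rules and runs them over a constructed, Sysmon-like event
stream (plain dicts). Field names, sample paths and process IDs are
assumptions chosen for illustration.
"""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "5e346887d828f39b480f316159ee79b7",
    "sha1": "be7441a3d826d83e545865986dde7abc6a522eec",
    "sha256": "b01594842e3d5d79f262899e0eb357ea538a3f96145b77f102b4ea0ae531c3c6",
}
EXFIL_SMTP = {"host": "smtp.bazaarkonections.com", "port": 587}

# (signature name, file action, path pattern). The paths are the well-known
# locations each signature is about; treat them as assumptions, since the
# sandbox does not publish its exact patterns.
FILE_RULES = [
    ("Drops file in Drivers directory", "create",
     re.compile(r"\\windows\\system32\\drivers\\", re.I)),
    ("Drops startup file", "create",
     re.compile(r"\\start menu\\programs\\startup\\", re.I)),
    ("Reads data files stored by FTP clients", "read",
     re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("Reads user/profile data of web browsers", "read",
     re.compile(r"\\(chrome|chromium|microsoft\\edge|mozilla)\\.*\\(login data|logins\.json|cookies)$", re.I)),
    ("Reads user/profile data of local email clients", "read",
     re.compile(r"\\thunderbird\\profiles\\.*\\(logins\.json|key4\.db)$", re.I)),
]


def evaluate(events):
    """Map each triggered signature name to the evidence that fired it."""
    hits = {}
    for ev in events:
        if ev["type"] == "file":
            for name, action, pattern in FILE_RULES:
                if ev["action"] == action and pattern.search(ev["path"]):
                    hits.setdefault(name, []).append(ev["path"])
        elif ev["type"] == "net":
            # The extracted config is the exfiltration channel: any connection
            # to that host on the submission port is actionable on its own.
            if (ev["dst_host"].lower() == EXFIL_SMTP["host"]
                    and ev["dst_port"] == EXFIL_SMTP["port"]):
                hits.setdefault("Connects to extracted SMTP exfiltration host", []).append(
                    "%s:%d" % (ev["dst_host"], ev["dst_port"]))
        elif ev["type"] == "api" and ev["api"] == "SetThreadContext":
            # The sandbox flags the call itself; this rule is narrowed to a
            # thread in another process (the process-hollowing case) to cut
            # noise from legitimate in-process use.
            if ev["target_pid"] != ev["pid"]:
                hits.setdefault("Suspicious use of SetThreadContext", []).append(
                    "pid %d -> pid %d" % (ev["pid"], ev["target_pid"]))
    return hits


def matches_sample(data):
    """True if the bytes hash to one of the report's MD5/SHA1/SHA256 values."""
    return any(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in SAMPLE_HASHES.items())


# Constructed telemetry standing in for a Sysmon/EDR feed; not from the run.
SAMPLE_EVENTS = [
    {"type": "file", "action": "create", "pid": 1234,
     "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\new_order.exe"},
    {"type": "file", "action": "read", "pid": 1234,
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"type": "file", "action": "read", "pid": 1234,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "action": "read", "pid": 1234,
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"type": "api", "api": "SetThreadContext", "pid": 1234, "target_pid": 5678},
    {"type": "api", "api": "SetThreadContext", "pid": 1234, "target_pid": 1234},
    {"type": "net", "pid": 5678, "dst_host": "smtp.bazaarkonections.com", "dst_port": 587},
    {"type": "net", "pid": 1234, "dst_host": "www.msftconnecttest.com", "dst_port": 80},
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("    " + item)
    print("known sample:", matches_sample(b"not the sample"))
```

Running the script against the constructed events fires every signature except the Drivers-directory drop (no such event is in the sample feed) and attributes the SMTP connection to the injected process, which is the shape one expects after a SetThreadContext-based hollowing step. Replace SAMPLE_EVENTS with normalised records from a real Sysmon or EDR export to reuse the rules.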