General

Target: DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe
Size: 1.4MB
Sample: 200624-8vnskxkvd6
MD5: 5fe333e1a731213b8b761cfa114a4c24
SHA1: c0eef045d92eac31b471e3e80abc1591088ada0b
SHA256: b6be0879f87f35a6f4c27d1666cf8e183427e868944e6a23d035a13b6208dfb6
SHA512: ee1dec45423c9c276add252c6f37270e356edc99bf27501b7ddaefeb78056dd5fcae5b55cdf19355b06bf19c9fba5ef33d38780a6d58933737be3f099015307a
Static task: static1
Behavioral task: behavioral1
  Sample: DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe
  Resource: win7v200430
Behavioral task: behavioral2
  Sample: DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe
  Resource: win10
Malware Config

Extracted
Protocol: ftp
Host: ftp.kassohome.com.tr
Port: 21
Username: Ernest2020@kassohome.com.tr
Password: jN9DaHjY3SiU

This is the stealer's exfiltration drop: harvested credentials are uploaded to this FTP account. Treat the host and the username as indicators of compromise, and assume that anything the sample collected on an infected machine has already reached the server. Agent Tesla accounts of this kind are frequently legitimate mailboxes or hosting accounts that were themselves compromised, so the domain owner should be notified rather than assumed to be the operator.
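The extracted configuration is directly usable as detection content. The following Python is an added example, not part of the sandbox report, that turns the report's host, port, username and file hashes into matchers and runs them over a few constructed log lines; the log format (a `dst=host:port` field and an FTP `USER` command) is an assumption and the regexes will need adapting to your own sensor. The password is deliberately left out of the indicator set: it has no place in detection rules and should only ever be used to notify the account owner.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
EXFIL_HOST = "ftp.kassohome.com.tr"
EXFIL_PORT = 21
EXFIL_USER = "Ernest2020@kassohome.com.tr"
SAMPLE_HASHES = {
    "md5": "5fe333e1a731213b8b761cfa114a4c24",
    "sha1": "c0eef045d92eac31b471e3e80abc1591088ada0b",
    "sha256": "b6be0879f87f35a6f4c27d1666cf8e183427e868944e6a23d035a13b6208dfb6",
}

# Assumed log shapes (hypothetical firewall and FTP-inspection formats).
CONN_RE = re.compile(r"dst=(?P<host>[\w.-]+):(?P<port>\d+)")
FTP_USER_RE = re.compile(r"\bUSER\s+(?P<user>\S+)")

# Constructed sample log lines for the demonstration; not taken from any real sensor.
SAMPLE_LOG = [
    "2020-06-24T10:01:02Z proto=tcp src=10.0.0.15:49812 dst=ftp.kassohome.com.tr:21 action=allow",
    "2020-06-24T10:01:03Z ftp cmd: USER Ernest2020@kassohome.com.tr",
    "2020-06-24T10:02:00Z proto=tcp src=10.0.0.15:49820 dst=files.example.com:21 action=allow",
]


def classify_line(line):
    """Return the names of the report indicators matched by one log line."""
    hits = []
    m = CONN_RE.search(line)
    if m and m.group("host").lower() == EXFIL_HOST and int(m.group("port")) == EXFIL_PORT:
        hits.append("exfil_host")
    m = FTP_USER_RE.search(line)
    if m and m.group("user") == EXFIL_USER:
        hits.append("exfil_account")
    return hits


def scan_log(lines):
    """Return (1-based line number, matched indicators) for every line that hits."""
    return [(i, h) for i, line in enumerate(lines, 1) if (h := classify_line(line))]


def hash_matches(data):
    """Compare file bytes against the sample's digests; returns the algorithms that match."""
    return [alg for alg, digest in SAMPLE_HASHES.items()
            if hashlib.new(alg, data).hexdigest() == digest]


if __name__ == "__main__":
    for lineno, hits in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(hits)}")
    print("hash match on placeholder bytes:", hash_matches(b"not the sample"))
```

Matching on the account name as well as the host matters: the FTP control channel is cleartext, so a `USER` command carrying the exfiltration account identifies the stealer even if the host is later moved behind a different DNS name.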
Targets

Target: DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe (1.4MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. The FTP configuration extracted above is its exfiltration channel.

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, which keep saved site credentials on disk in a form any process running as the user can read.

Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

Modifies service

Suspicious use of SetThreadContext
Overwriting another thread's context is a common step in process hollowing and related code-injection techniques: a process is created suspended, its image is replaced in memory, the thread's instruction pointer is redirected to the injected code, and the thread is resumed.