General
- Target: USD56,440.81 payment advice note 16.06.2020.exe
- Size: 1.3MB
- Sample: 200624-ef4l728dsa
- MD5: 951965d1769a925fbf90a3d81d67f25d
- SHA1: f83ac89f7100a7c64769a0078edddc90f63afd81
- SHA256: df795ae1edd3901a8ac5f66f13eef36be826adfea397778c3ffeda214861f3f8
- SHA512: 1901f9cf97e2ea9e0532e64bdfc83203a6239722a02a5f4e2ed7fed4317e5d216325229d59527cf8d314d8e7d10d9f262630db3b3b207feb93c0eb2e969403b5
Static task
- static1
Behavioral task
- behavioral1
  - Sample: USD56,440.81 payment advice note 16.06.2020.exe
  - Resource: win7
Behavioral task
- behavioral2
  - Sample: USD56,440.81 payment advice note 16.06.2020.exe
  - Resource: win10
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.sarniotex.com
- Port: 587
- Username: morison@sarniotex.com
- Password: Eop!OeY8
Targets
- Target: USD56,440.81 payment advice note 16.06.2020.exe
- Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Deletes itself
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext