General
Target: Khosrov Bey-vessel particulars.exe
Size: 1.0MB
Sample: 200629-7vkq3de9gs
MD5: 6ce5e560acf78916b9d3c1f118737a27
SHA1: a7f02c05b9130c889163313a9fde868f37251ad5
SHA256: 1fb309ceacbe3946132ea00e1bc669f3aa93fe2a05fc20afed62067c84b7f887
SHA512: 2f4137702f1b591e7abf58f16133092c5ad23820b20d8f44f9ce0d0dd0e984b7eb462e89518ee339bcc9b5063049d4a6cf637aff1c08e42fd50910557575d6bf
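The following is an added example, not part of the sandbox report: a Python check that computes all four digests of a local file in one pass and compares each against the hashes listed above, so an analyst can confirm a file is this exact sample before re-running analysis or sharing it. The helper names are my own, and the test inputs are constructed byte strings, not the sample.

```python
"""Confirm that a file on disk is the sample described in this report.

Added example, not part of the sandbox report. MD5, SHA-1, SHA-256 and
SHA-512 are computed in a single pass over the data (the file is read once,
not four times) and each digest is compared with the value the report
lists, so a mismatch on any one algorithm is visible rather than hidden
behind a single boolean.
"""
import hashlib
from typing import Dict, Iterable

# Digests copied from the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "6ce5e560acf78916b9d3c1f118737a27",
    "sha1": "a7f02c05b9130c889163313a9fde868f37251ad5",
    "sha256": "1fb309ceacbe3946132ea00e1bc669f3aa93fe2a05fc20afed62067c84b7f887",
    "sha512": "2f4137702f1b591e7abf58f16133092c5ad23820b20d8f44f9ce0d0dd0e984b7eb462e89518ee339bcc9b5063049d4a6cf637aff1c08e42fd50910557575d6bf",
}


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to every hasher once; return hex digests keyed by algorithm."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, chunk: int = 1 << 20) -> Dict[str, str]:
    """Digest an in-memory buffer, chunked the same way a file would be."""
    return _digest_chunks(data[i:i + chunk] for i in range(0, len(data), chunk))


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Digest a file without loading it into memory at once."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk), b""))


def compare(digests: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match result; a partial match means one of the inputs is wrong."""
    return {name: digests.get(name, "").lower() == value for name, value in expected.items()}


def is_report_sample(digests: Dict[str, str]) -> bool:
    """True only when every algorithm agrees with the report."""
    return all(compare(digests).values())


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        result = compare(digest_file(path))
        verdict = "MATCH" if all(result.values()) else "no match"
        print(f"{path}: {verdict} {result}")
```

Run it as `python check_sample.py suspicious.exe`; a result where only one algorithm mismatches usually means a typo in the hash you were given rather than a different file.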
Static task: static1
Behavioral task: behavioral1 (sample: Khosrov Bey-vessel particulars.exe, resource: win7v200430)
Behavioral task: behavioral2 (sample: Khosrov Bey-vessel particulars.exe, resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tpcdel.com
Port: 587
Username: ecom8@tpcdel.com
Password: EmlP@2018
Targets
Target: Khosrov Bey-vessel particulars.exe
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET or C#. It harvests saved credentials from browsers, email clients and FTP clients and sends them to an attacker-controlled mailbox; the extracted config above shows this sample exfiltrating over SMTP to mail.tpcdel.com on port 587.
AgentTesla Payload
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, whose site manager and recent-servers XML files hold saved server logins.
Reads user/profile data of local email clients
Email clients store account settings and saved credentials on disk, where infostealers often target them.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Adds Run key to start application
Adds a value under the CurrentVersion\Run registry key so the application is launched again at logon; this is the persistence mechanism observed for the sample.
Suspicious use of SetThreadContext
SetThreadContext on a thread of another (typically suspended) process is the step in process hollowing that redirects execution to injected code. On its own it is a heuristic, not proof of injection: confirm it by looking for a suspended child process whose on-disk image does not match its in-memory contents.
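As an added example (not part of the report and not Triage's own signature logic), the Python below turns two of the behaviours above, the Run-key persistence write and the SMTP submission to the extracted mail host, into detection rules run over constructed Sysmon-style events. Field names follow Sysmon's schema (EventID 13 for a registry value set, EventID 3 for a network connection), the set of processes allowed to speak SMTP is an assumption for the example, and every event in the sample log is constructed here, not captured telemetry.

```python
"""Detection rules for the two behaviours this report records for the sample:
a Run-key persistence entry and outbound SMTP submission (port 587) to the
extracted AgentTesla mail host.

Added example, not the sandbox's own signature code. Events are JSON dicts
constructed below; field names follow Sysmon naming (EventID, Image,
TargetObject, DestinationHostname, DestinationPort), which is an assumption
about the telemetry source, not something the report states.
"""
import json
from typing import Iterable, List, Optional

# Values taken from the report's extracted AgentTesla SMTP config.
C2_HOST = "mail.tpcdel.com"
C2_PORT = 587

# Processes for which outbound SMTP submission is expected (assumed allow-list).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Lower-cased key path fragments that indicate logon persistence.
RUN_KEY_FRAGMENTS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
)


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict) -> Optional[str]:
    """Return an alert string if the event matches a rule, else None."""
    eid = ev.get("EventID")
    image = _basename(ev.get("Image", ""))

    if eid == 13:  # Sysmon: registry value set
        target = ev.get("TargetObject", "")
        if any(frag in target.lower() for frag in RUN_KEY_FRAGMENTS):
            return f"persistence: {image} wrote Run key {target}"

    if eid == 3:  # Sysmon: network connection
        host = ev.get("DestinationHostname", "").lower()
        port = int(ev.get("DestinationPort", 0))
        if host == C2_HOST:
            return f"c2: {image} connected to known AgentTesla SMTP host {host}:{port}"
        if port == C2_PORT and image not in MAIL_CLIENTS:
            return f"exfil: non-mail process {image} opened SMTP submission to {host or '?'}:{port}"

    return None


def scan(lines: Iterable[str]) -> List[str]:
    """Run check_event over JSON-lines input and collect the alerts in order."""
    alerts: List[str] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        hit = check_event(json.loads(line))
        if hit:
            alerts.append(hit)
    return alerts


# Constructed sample events: three should alert, two should not.
SAMPLE_EVENTS = r"""
{"EventID": 13, "Image": "C:\\Users\\victim\\Downloads\\Khosrov Bey-vessel particulars.exe", "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\vessel"}
{"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\Khosrov Bey-vessel particulars.exe", "DestinationHostname": "mail.tpcdel.com", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchost.exe", "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\BITS\\Start"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "", "DestinationPort": 587}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The hostname match is the high-confidence rule; the port-587 rule is a hunting heuristic that will be noisy anywhere legitimate non-Outlook mailers run, so extend MAIL_CLIENTS for the environment or pair it with the process-hollowing indicator above before alerting on it alone.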