General
Target: shipping invoice.doc.exe
Size: 441KB
Sample: 200629-y1ygjtcx3n
MD5: ee64f2d88f5682ab1b3d6421d1690499
SHA1: 58959ee327e04f06316c9377b381f47927fa5b24
SHA256: 4464e1f0a9cd4c97b7d96d68f74cd59c4e5dae1d0a4f5cf5ef5c2a1450ee473f
SHA512: 1bd1e111b4df0dd30ead2f0f019a0d0f14c697fa64b77684d398dbb373ac1cda685a2fbb12dfc2f286b1ce0c81dbfdae7ee859ca4e108d03186e928d39a7c381
Static task: static1
Behavioral task: behavioral1
  Sample: shipping invoice.doc.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: shipping invoice.doc.exe
  Resource: win10
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: infokingking88@yandex.ru
Password: kingmoney12345
Targets
Target: shipping invoice.doc.exe
Size: 441KB
MD5: ee64f2d88f5682ab1b3d6421d1690499
SHA1: 58959ee327e04f06316c9377b381f47927fa5b24
SHA256: 4464e1f0a9cd4c97b7d96d68f74cd59c4e5dae1d0a4f5cf5ef5c2a1450ee473f
SHA512: 1bd1e111b4df0dd30ead2f0f019a0d0f14c697fa64b77684d398dbb373ac1cda685a2fbb12dfc2f286b1ce0c81dbfdae7ee859ca4e108d03186e928d39a7c381
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext