General
- Target: invoice - OP234156.exe
- Size: 1.0MB
- Sample: 200630-2rxc5gvhn6
- MD5: 7dd09efa0dbec9e5859058990bae29be
- SHA1: 799c2be5ff5774803b13b3aebaaa292f4cb53e01
- SHA256: 5de19be53ca23befa21883db456fb708b1a47bd399aa93ab5794d6a2ef9aede3
- SHA512: 357436e8139492f1d2cf4429730ce22ce067cf6c031f1c3814f168c4e59e5fdcea3a665395c0116ab52c3e234dcedcf260318d77f952b5dab4d966555e966b28
Static task: static1
Behavioral task: behavioral1
- Sample: invoice - OP234156.exe
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: invoice - OP234156.exe
- Resource: win10
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: john5on.muller@yandex.com
- Password: 41k2c4yfVG
Targets
- Target: invoice - OP234156.exe
- Size: 1.0MB
- MD5: 7dd09efa0dbec9e5859058990bae29be
- SHA1: 799c2be5ff5774803b13b3aebaaa292f4cb53e01
- SHA256: 5de19be53ca23befa21883db456fb708b1a47bd399aa93ab5794d6a2ef9aede3
- SHA512: 357436e8139492f1d2cf4429730ce22ce067cf6c031f1c3814f168c4e59e5fdcea3a665395c0116ab52c3e234dcedcf260318d77f952b5dab4d966555e966b28
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext