General
-
Target
DHL_1.EXE
-
Size
433KB
-
Sample
200630-45skfmxwzn
-
MD5
2ee84ea7892cca7b876be47b2c0e4028
-
SHA1
6d00c8550011e0214ca6fd98f2ea88f00a1c3d14
-
SHA256
6a22f447f1f33ab89c601e610999524ccb6d764361d3bdadaedd2c3b8d6b7184
-
SHA512
f9638f629d635d10756e91795940e89510a670924203f0c0c07b681d3fc9d01113c8017b81e8a8339eec9d5206326c0fcdfea236a733c8bd31515310a280ad6f
Static task
static1
Behavioral task
behavioral1
Sample
DHL_1.EXE
Resource
win7
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: mailduplicate@yandex.com
Password: daddyhandsome1234
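The extracted config is the most directly actionable part of the report: the sample exfiltrates over SMTP submission (port 587) to a fixed mailbox, so the host/port pair is a precise indicator, and "a process that is not a mail client talking to port 587" is a generic one that also catches other AgentTesla builds with different drop mailboxes. The following is an added example, not part of the original sandbox report: the indicator values are copied from the report, while the connection log lines and their key=value layout are constructed here (map your own network telemetry onto them). The base64 username is what an SMTP AUTH LOGIN exchange would carry on the wire; on port 587 the session is normally wrapped in STARTTLS, so that content match only helps where the client skips TLS.

```python
"""Detection logic derived from the report's extracted AgentTesla config.

Added example, not part of the original sandbox report. Indicator values
are copied from the report; the connection log lines are constructed, and
their key=value format is an assumption.
"""
import base64

# From the "Malware Config" and "Targets" fields of the report.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
EXFIL_USER = "mailduplicate@yandex.com"
SAMPLE_SHA256 = "6a22f447f1f33ab89c601e610999524ccb6d764361d3bdadaedd2c3b8d6b7184"

# Processes expected to speak SMTP submission. Assumption: tune per environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def auth_login_token():
    """Base64 of the configured username as it appears in an SMTP AUTH LOGIN
    exchange. Only visible when the session is not wrapped in STARTTLS, so
    treat a content match as a bonus signal, not the primary one."""
    return base64.b64encode(EXFIL_USER.encode()).decode()


def parse_event(line):
    """Parse one 'key=value key=value ...' connection line (constructed format)."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["dport"] = int(fields["dport"])
    return fields


def classify(event):
    """Return the reasons (possibly none) a connection event is suspicious."""
    reasons = []
    image = event["image"].lower()
    if event.get("sha256", "").lower() == SAMPLE_SHA256:
        reasons.append("image hash matches DHL_1.EXE")
    if event["dhost"].lower() == EXFIL_HOST and event["dport"] == EXFIL_PORT:
        reasons.append("connects to exfil host/port from the extracted config")
    elif event["dport"] == EXFIL_PORT and image not in MAIL_CLIENTS:
        # Generic rule: catches other AgentTesla builds with a different mailbox.
        reasons.append("SMTP submission from a non-mail-client process")
    return reasons


# Constructed sample telemetry; hashes other than the sample's are filler.
SAMPLE_LOG = """\
ts=2020-06-30T10:01:00 image=DHL_1.EXE sha256=6a22f447f1f33ab89c601e610999524ccb6d764361d3bdadaedd2c3b8d6b7184 dhost=smtp.yandex.com dport=587
ts=2020-06-30T10:02:00 image=outlook.exe sha256=deadbeef dhost=smtp.office365.com dport=587
ts=2020-06-30T10:03:00 image=svchost.exe sha256=cafebabe dhost=smtp.gmail.com dport=587
ts=2020-06-30T10:04:00 image=chrome.exe sha256=feedface dhost=www.example.com dport=443
"""


def scan(log_text):
    """Map each flagged process image to the reasons it was flagged."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        reasons = classify(event)
        if reasons:
            hits[event["image"]] = reasons
    return hits


if __name__ == "__main__":
    print("AUTH LOGIN username token:", auth_login_token())
    for image, reasons in scan(SAMPLE_LOG).items():
        print(image, "->", "; ".join(reasons))
```

The generic port-587 rule is the one that survives a config change; expect to allowlist backup agents and monitoring tools that send mail, and keep the exact host/port and hash matches as high-confidence indicators for this specific sample.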
Targets
-
-
Target
DHL_1.EXE
-
Size
433KB
-
MD5
2ee84ea7892cca7b876be47b2c0e4028
-
SHA1
6d00c8550011e0214ca6fd98f2ea88f00a1c3d14
-
SHA256
6a22f447f1f33ab89c601e610999524ccb6d764361d3bdadaedd2c3b8d6b7184
-
SHA512
f9638f629d635d10756e91795940e89510a670924203f0c0c07b681d3fc9d01113c8017b81e8a8339eec9d5206326c0fcdfea236a733c8bd31515310a280ad6f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); it harvests saved credentials and keystrokes and sends them to the operator, in this sample over SMTP.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
Legitimate software rarely rewrites another thread's register context; loaders call it to redirect a suspended process to an injected payload (process hollowing), so the credential reads above may be performed by a process other than DHL_1.EXE.
-
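The three "Reads user/profile data of ..." signatures describe one behaviour pattern: a single process that is none of FileZilla, a mail client or a browser reads the credential stores of all of them within seconds. That pattern is a usable host-side heuristic independent of this sample's hashes or mailbox. The following is an added example, not part of the original sandbox report. The event schema (timestamp, process image name, accessed path) is an assumption to map your EDR's file-read telemetry onto; the store paths are the well-known locations for FileZilla, Thunderbird, Chrome/Edge and Firefox, and the sample events are constructed. Because of the SetThreadContext signature, the match is on whichever process performs the reads rather than on the name DHL_1.EXE.

```python
"""Heuristic for the 'Reads user/profile data of ...' signatures.

Added example, not part of the original sandbox report. Event schema
(iso timestamp, image name, accessed path) is an assumption; store paths
are the products' well-known credential files; events are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Category -> regex over the accessed path (case-insensitive, Windows paths).
CREDENTIAL_STORES = {
    "ftp_client": re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    "email_client": re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(key4\.db|logins\.json)$", re.I),
    "browser": re.compile(
        r"\\(Chrome|Edge)\\User Data\\[^\\]+\\Login Data$"
        r"|\\Firefox\\Profiles\\[^\\]+\\logins\.json$", re.I),
}

# The legitimate owner of each store. Assumption: extend for your environment.
LEGIT_READERS = {
    "ftp_client": {"filezilla.exe"},
    "email_client": {"thunderbird.exe"},
    "browser": {"chrome.exe", "msedge.exe", "firefox.exe"},
}


def categorize(path):
    """Return which kind of credential store a path is, or None."""
    for category, pattern in CREDENTIAL_STORES.items():
        if pattern.search(path):
            return category
    return None


def find_stealers(events, window_seconds=60, min_categories=2):
    """events: iterable of (iso_timestamp, image_name, path).

    Returns {image_name: sorted categories} for every process that reads
    stores of at least min_categories distinct kinds it does not own,
    all within window_seconds of each other."""
    touched = defaultdict(list)  # image -> [(datetime, category)]
    for ts, image, path in events:
        category = categorize(path)
        if category is None or image.lower() in LEGIT_READERS[category]:
            continue
        touched[image.lower()].append((datetime.fromisoformat(ts), category))

    hits = {}
    for image, reads in touched.items():
        reads.sort()
        # Slide a window starting at each read; alert on the first dense cluster.
        for i, (start, _) in enumerate(reads):
            kinds = {c for t, c in reads[i:] if (t - start).total_seconds() <= window_seconds}
            if len(kinds) >= min_categories:
                hits[image] = sorted(kinds)
                break
    return hits


# Constructed file-read events: the dropper sweeps all three stores in
# three seconds; chrome.exe reads its own store; backup.exe touches two
# stores but hours apart, which is normal for a backup job.
SAMPLE_EVENTS = [
    ("2020-06-30T10:00:01", "DHL_1.EXE", r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("2020-06-30T10:00:01", "DHL_1.EXE", r"C:\Users\u\AppData\Roaming\FileZilla\recentservers.xml"),
    ("2020-06-30T10:00:02", "DHL_1.EXE", r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\abc.default\key4.db"),
    ("2020-06-30T10:00:03", "DHL_1.EXE", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2020-06-30T10:05:00", "chrome.exe", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2020-06-30T09:00:00", "backup.exe", r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("2020-06-30T11:00:00", "backup.exe", r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]

if __name__ == "__main__":
    for image, kinds in find_stealers(SAMPLE_EVENTS).items():
        print(f"{image}: read {', '.join(kinds)} stores within 60s")
```

Requiring two or more store kinds inside a short window is what keeps backup software and sync clients out of the alert; a single read of one store is too common to page on, while a sweep across FTP, mail and browser stores by one non-owner process is the stealer's signature regardless of which loader delivered it.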