General
- Target: Purchase Order.exe
- Size: 635KB
- Sample: 200630-ghk9g24jqe
- MD5: a16e39975fd3c0f0c707f661102813e1
- SHA1: e729381aa629fdfb01cec05f2f747dfe99a5594d
- SHA256: aec14877d4e03e342e0f010e0d6c25aea5492f94ddbd7d48ab41607f609bb87b
- SHA512: b3ae3e974193dd8ca2e599d077a3f8e01831b06131069d07ffe3245ad09d13bbf11ee2cf65679bc74ebd08a24a60bd9e31d9ed4b733340a9fc921a582060e4da
Static task: static1
Behavioral task: behavioral1 (Sample: Purchase Order.exe; Resource: win7)
Behavioral task: behavioral2 (Sample: Purchase Order.exe; Resource: win10v200430)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.anissh.com
- Port: 587
- Username: tpishm118@anissh.com
- Password: arzokhan121
Targets
- Target: Purchase Order.exe
- Size: 635KB
- MD5, SHA1, SHA256, SHA512: as listed under General above
- Score: 10/10
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext