General
-
Target
Scan copy 06-30,pdf.exe
-
Size
652KB
-
Sample
200630-hdb5c8bcrx
-
MD5
7bd2515a0f9ebde930e27c0bf06e131c
-
SHA1
3347f073c4ad2fa6b1e8d67dab4e0b620421862f
-
SHA256
c91e8129cb25677b01b171c95df30e2d7500eb40f2c375b70aa0463564b385c5
-
SHA512
a0143436b1d9cd9c1edc52df95531b91238b66045fc5476e928fbdaab01cfeb55569069e3d824cd8f2fc176e03ccc3b10fa843942154acda8ff948500cd91908
Static task
static1
Behavioral task
behavioral1
Sample
Scan copy 06-30,pdf.exe
Resource
win7
Behavioral task
behavioral2
Sample
Scan copy 06-30,pdf.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server03.imanila.ph
Port: 587
Username: service@handyware.net.ph
Password: EZ5E83Pe%V-N
Targets
-
Target
Scan copy 06-30,pdf.exe
-
Size
652KB
-
MD5
7bd2515a0f9ebde930e27c0bf06e131c
-
SHA1
3347f073c4ad2fa6b1e8d67dab4e0b620421862f
-
SHA256
c91e8129cb25677b01b171c95df30e2d7500eb40f2c375b70aa0463564b385c5
-
SHA512
a0143436b1d9cd9c1edc52df95531b91238b66045fc5476e928fbdaab01cfeb55569069e3d824cd8f2fc176e03ccc3b10fa843942154acda8ff948500cd91908
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.
-
Suspicious use of SetThreadContext
-