General
Target: Quote CIF Port of Antwerp-Belgium.exe
Size: 399KB
Sample: 200630-vrn7sqrlfs
MD5: 894bba1f722f354c53812117ae828ed5
SHA1: 99c78b529d2a2b890426f427e5d50b78ea4e54b8
SHA256: f0f3f94877ac55a99e46669fa232ef88e1646b019864a27229be3ab23a17bf85
SHA512: 5170680556585303d60aa8a7dc845ddce7a1d0cd3fd05b855ddad079f1ffd9f92fcb3b8213def003fab087c6be737fa75a44f55a638ac3009dc1a176d3ee8a75
Static task: static1
Behavioral task: behavioral1
  Sample: Quote CIF Port of Antwerp-Belgium.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Quote CIF Port of Antwerp-Belgium.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: premium57.web-hosting.com
Port: 587
Username: japan-dea@zoomexpress.online
Password: Goodboy123??
Targets
Target: Quote CIF Port of Antwerp-Belgium.exe
Size: 399KB
MD5: 894bba1f722f354c53812117ae828ed5
SHA1: 99c78b529d2a2b890426f427e5d50b78ea4e54b8
SHA256: f0f3f94877ac55a99e46669fa232ef88e1646b019864a27229be3ab23a17bf85
SHA512: 5170680556585303d60aa8a7dc845ddce7a1d0cd3fd05b855ddad079f1ffd9f92fcb3b8213def003fab087c6be737fa75a44f55a638ac3009dc1a176d3ee8a75
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext