General
- Target: Shipment Document BL INV and Packing list Attached.exe
- Size: 641KB
- Sample: 200731-a4hpq8h74s
- MD5: 2c0979106f8289a6bd62cade3af2445e
- SHA1: 0d632ae33206a89914a30f2db54ac4c2fb5e77d5
- SHA256: c76eb44cecc21c33fb6f61db8ed02e9d0a560f988e9bafb1c9fff5164afb2cb8
- SHA512: afb0104591c8570abda324e98042dd30ab29129b72af9c64359b314be6627925802e6fce300acb78290dd68df9b3783463b498514ab2e2d1e04d537953cb5961
Static task: static1
Behavioral task: behavioral1
- Sample: Shipment Document BL INV and Packing list Attached.exe
- Resource: win7
Behavioral task: behavioral2
- Sample: Shipment Document BL INV and Packing list Attached.exe
- Resource: win10v200722
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mitravet.com
- Port: 587
- Username: mv@mitravet.com
- Password: tunasushIsashim1
Targets
- Target: Shipment Document BL INV and Packing list Attached.exe
- Size: 641KB
- MD5: 2c0979106f8289a6bd62cade3af2445e
- SHA1: 0d632ae33206a89914a30f2db54ac4c2fb5e77d5
- SHA256: c76eb44cecc21c33fb6f61db8ed02e9d0a560f988e9bafb1c9fff5164afb2cb8
- SHA512: afb0104591c8570abda324e98042dd30ab29129b72af9c64359b314be6627925802e6fce300acb78290dd68df9b3783463b498514ab2e2d1e04d537953cb5961
Score: 10/10
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext