General
-
Target
Ref 0180066743.PDF.bat
-
Size
477KB
-
Sample
200731-zng7cazacs
-
MD5
b8f7976a9643bc6b2ec50cadc3b3b7a2
-
SHA1
0e4506900b62431bd0ee840ef956270416394a0b
-
SHA256
86de94484346c6fefa6b2baa70af6e34cc91d845bd995640face3b580db9b07d
-
SHA512
97cd28f04a66837b89931753eb52cd3eee94299188d38587b3c0823df1b98622f154984a0addc70af517e7dbba860d15c09c36eb1614a74fbcde7164bf4e31b4
Static task
static1
Behavioral task
behavioral1
Sample
Ref 0180066743.PDF.bat.exe
Resource
win7
Behavioral task
behavioral2
Sample
Ref 0180066743.PDF.bat.exe
Resource
win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.emifarma.com
Port: 587
Username: droidx@emifarma.com
Password: icui4cu2@@
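The extracted block above is the detection-relevant part of this report: it is the SMTP drop mailbox the stealer sends harvested credentials to. The script below is an added example (not Triage's own report parser and not part of the original page) that turns the flattened "Key: value - Key: value" line back into structured fields, carries the report's file hashes as IOCs, and runs the mailbox host over a few constructed network-connection log lines. The log field layout (process=/dst=/dport=) is assumed, the log lines are constructed, and RegSvcs.exe appears in them only as a hypothetical injected host process; the report does not name one.

```python
"""Added example: turn the flattened AgentTesla verdict into usable IOCs.

Illustrative code, not the sandbox's own parser. Log lines are constructed
and their field layout (process=/dst=/dport=) is an assumption.
"""
import hashlib
import re

# File hashes exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "b8f7976a9643bc6b2ec50cadc3b3b7a2",
    "sha1": "0e4506900b62431bd0ee840ef956270416394a0b",
    "sha256": "86de94484346c6fefa6b2baa70af6e34cc91d845bd995640face3b580db9b07d",
    "sha512": "97cd28f04a66837b89931753eb52cd3eee94299188d38587b3c0823df1b98622"
              "f154984a0addc70af517e7dbba860d15c09c36eb1614a74fbcde7164bf4e31b4",
}

# The "Malware Config / Extracted" block joined back onto one line, keeping
# the missing space in "smtp- Host" that the flattened report shows.
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: mail.emifarma.com - Port: 587 "
    "- Username: droidx@emifarma.com - Password: icui4cu2@@"
)

_FIELDS = "|".join(("Protocol", "Host", "Port", "Username", "Password"))
# A value runs until the next "- <Field>:" separator or end of string.
_FIELD_RE = re.compile(r"(%s):\s*(.+?)\s*(?=-\s*(?:%s):|$)" % (_FIELDS, _FIELDS))


def parse_config(text):
    """Parse the flattened config line into {'protocol': 'smtp', 'host': ..., ...}."""
    cfg = {key.lower(): value for key, value in _FIELD_RE.findall(text)}
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def redacted(cfg):
    """Copy of the config safe to paste into a ticket: the exfil endpoint is
    the IOC, the mailbox password is attacker (or victim) credential material."""
    out = dict(cfg)
    if "password" in out:
        out["password"] = "<redacted>"
    return out


def hashes_of(data):
    """Compute the same four digests the report lists, for a candidate file."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data):
    """Return the algorithms on which `data` matches the reported sample."""
    have = hashes_of(data)
    return sorted(alg for alg, digest in REPORT_HASHES.items() if have[alg] == digest)


# Constructed connection log (assumed layout). RegSvcs.exe stands in for a
# legitimate .NET host the loader might inject into; the report names none.
SAMPLE_LOG = """\
process=outlook.exe dst=smtp.office365.com dport=587
process=Ref 0180066743.PDF.bat.exe dst=mail.emifarma.com dport=587
process=RegSvcs.exe dst=mail.emifarma.com dport=587
process=chrome.exe dst=mail.emifarma.com dport=443
"""

_LOG_RE = re.compile(r"process=(?P<process>.+?) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def flag_exfil(log_text, cfg):
    """Return (process, dport) for every connection to the extracted mailbox
    host. Any process contacting it is worth triage, so there is no process
    allowlist; the port is returned so off-port hits stand out."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_RE.match(line)
        if m and m["dst"].lower() == cfg["host"].lower():
            hits.append((m["process"], int(m["dport"])))
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print("config:", redacted(cfg))
    print("sample matches on:", matches_report(b"not the sample"))
    for proc, port in flag_exfil(SAMPLE_LOG, cfg):
        print("contacted exfil host:", proc, "port", port,
              "(config port)" if port == cfg["port"] else "(other port)")
```

Two practitioner caveats go with this: the mailbox may be a compromised legitimate account rather than attacker-owned infrastructure, so block and report the host but do not log in with the extracted credentials; and note the lure, a file named `.PDF.bat` that the sandbox had to rename to `.exe` because it is actually a PE.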
Targets
-
-
Target
Ref 0180066743.PDF.bat
Score: 10/10
AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access tool (RAT) and credential stealer; it harvests saved credentials from browsers, email and FTP clients and exfiltrates them, here over SMTP using the extracted mailbox.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store account settings and saved credentials on disk, where infostealers commonly target them.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual final step of process hollowing: the decrypted payload is written into a suspended copy of a legitimate process and its entry point redirected to the injected code. The report does not name the target process, so the stealer's network activity may show up under a different process name than the sample itself.
-