General
Target: USD67,884.08_Payment_Advise_9083008849.exe
Size: 860KB
Sample: 201121-lxteb61sgs
MD5: 947edeb169369ac67c5448cc2f8104a3
SHA1: 5d2181f018ab4b8afd6b193e4651233b44ad7d62
SHA256: 3a89a79e825bf330e3ea46f6a5f548529b642dc61219a8deeaec070a0688a08e
SHA512: 798b7004b2019ffbff67a1f3636ad7dd3b93ef0a9338960d8a7e69eda79aa7d9e097aa888b68f942e21f0a89e98dca66d679f56d06b9ab7b81c4241b1f5840f8
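Before relying on this report for a file obtained elsewhere (a mail gateway quarantine, a share, another sandbox), confirm that the file is byte-for-byte the reported sample. The following Python is an added example, not part of the report or of the sandbox's own tooling: it reads the file once, feeds every chunk to all four digests listed above, and returns the names of any algorithm whose result disagrees with the report. REPORT_HASHES is copied from the General section; the function names are this example's own.

```python
import hashlib
import io

# Reference values copied from the report's General section above.
REPORT_HASHES = {
    "md5": "947edeb169369ac67c5448cc2f8104a3",
    "sha1": "5d2181f018ab4b8afd6b193e4651233b44ad7d62",
    "sha256": "3a89a79e825bf330e3ea46f6a5f548529b642dc61219a8deeaec070a0688a08e",
    "sha512": "798b7004b2019ffbff67a1f3636ad7dd3b93ef0a9338960d8a7e69eda79aa7d9e097aa888b68f942e21f0a89e98dca66d679f56d06b9ab7b81c4241b1f5840f8",
}


def hash_stream(stream, chunk_size=1 << 20):
    """One pass over a binary stream, updating all four digests per chunk.

    Returns {"md5": ..., "sha1": ..., "sha256": ..., "sha512": ..., "size": n}.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["size"] = size
    return digests


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used for constructed test input)."""
    return hash_stream(io.BytesIO(data))


def mismatches(digests, expected=REPORT_HASHES):
    """Names of the algorithms whose digest differs from the reference.

    An empty set means every listed digest agrees and the file is the
    reported sample; comparison is case-insensitive on the hex string.
    """
    return {name for name, ref in expected.items() if digests.get(name) != ref.lower()}


def verify_file(path, expected=REPORT_HASHES):
    """Hash a file on disk and return the set of disagreeing algorithms."""
    with open(path, "rb") as f:
        return mismatches(hash_stream(f), expected)


if __name__ == "__main__":
    import sys

    bad = verify_file(sys.argv[1])
    print("match" if not bad else "MISMATCH on " + ", ".join(sorted(bad)))
```

A SHA256 match alone is sufficient to identify the sample; MD5 and SHA1 are checked here only because the report lists them and other tooling may still index by them. A mismatch on one algorithm but not the others points at a transcription error in whichever value was copied, not at a different file.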
Static task: static1
Behavioral task: behavioral1 (sample USD67,884.08_Payment_Advise_9083008849.exe, resource win7v20201028)
Behavioral task: behavioral2 (sample USD67,884.08_Payment_Advise_9083008849.exe, resource win10v20201028)
Malware Config
Targets
Target: USD67,884.08_Payment_Advise_9083008849.exe (860KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic.
ModiLoader, DBatLoader
ModiLoader (also tracked as DBatLoader) is a loader written in Delphi that abuses legitimate cloud-storage services to fetch and run second-stage malware families; here it was detected alongside an Agent Tesla payload.
AgentTesla Payload
An Agent Tesla payload was identified in this sample.
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, whose site manager and recent-server files hold saved server credentials.
Reads user/profile data of local email clients
Email clients store some user data (account settings and saved passwords) on disk, where infostealers often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Adds Run key to start application
Persistence: a value written under the registry's CurrentVersion\Run key makes Windows launch the program at every logon.
Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is characteristic of process hollowing (RunPE), where the payload is written into a suspended process and the thread's entry point is redirected to it; legitimate use is rare outside debuggers.
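The five behavioral signatures above are what an analyst would want to re-derive from their own telemetry rather than take on trust. The following Python is an added example, not the sandbox's rule engine or any code from the report: it runs a small rule per signature over a constructed, EDR-style event stream and returns which signatures fired and on what evidence. The event shape (dicts with "type", "pid" and a path, key or API name), the file paths and PIDs are assumptions made up for this example; the regexes encode where FileZilla, Thunderbird/Outlook, Chromium and Firefox keep the data the signatures describe.

```python
import re

# Constructed event stream standing in for a real trace; shape, paths and
# PIDs are this example's assumptions, not the report's format.
SAMPLE_EVENTS = [
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\k3x9.default\logins.json"},
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "reg_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\victim\AppData\Roaming\upd.exe"},
    {"type": "api", "pid": 4120, "name": "SetThreadContext", "target_pid": 4388},
    # Benign noise: every process maps ntdll.dll; this must not trip any rule.
    {"type": "file_read", "pid": 4120, "path": r"C:\Windows\System32\ntdll.dll"},
]

# Where the targeted applications keep the data the signatures refer to.
FTP_RX = re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)
MAIL_RX = re.compile(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook)\\", re.I)
BROWSER_RX = re.compile(
    r"(\\User Data\\.*\\Login Data|\\Firefox\\Profiles\\.*\\logins\.json)$", re.I)
RUN_KEY_RX = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I)


def _reads(rx):
    """Rule factory: a file_read event whose path matches rx."""
    return lambda ev: ev.get("type") == "file_read" and bool(rx.search(ev.get("path", "")))


SIGNATURES = {
    "Reads data files stored by FTP clients": _reads(FTP_RX),
    "Reads user/profile data of local email clients": _reads(MAIL_RX),
    "Reads user/profile data of web browsers": _reads(BROWSER_RX),
    "Adds Run key to start application":
        lambda ev: ev.get("type") == "reg_set"
        and bool(RUN_KEY_RX.search(ev.get("key", ""))),
    # Self-targeted SetThreadContext is normal (exception handling, debuggers);
    # only a call against another process's thread is treated as suspicious.
    "Suspicious use of SetThreadContext":
        lambda ev: ev.get("type") == "api"
        and ev.get("name") == "SetThreadContext"
        and ev.get("target_pid") != ev.get("pid"),
}


def _evidence(ev):
    """Human-readable pointer to the event that triggered a rule."""
    if ev["type"] == "file_read":
        return ev["path"]
    if ev["type"] == "reg_set":
        return f'{ev["key"]}\\{ev.get("value")} = {ev.get("data")}'
    return f'{ev.get("name")} on pid {ev.get("target_pid")} from pid {ev.get("pid")}'


def match_signatures(events):
    """Map each triggered signature name to the list of evidence strings."""
    hits = {}
    for ev in events:
        for name, rule in SIGNATURES.items():
            if rule(ev):
                hits.setdefault(name, []).append(_evidence(ev))
    return hits


def signature_count(hits):
    """How many of the report's five signatures were reproduced."""
    return len(set(hits) & set(SIGNATURES))


if __name__ == "__main__":
    result = match_signatures(SAMPLE_EVENTS)
    print(f"{signature_count(result)}/{len(SIGNATURES)} signatures reproduced")
    for name, evidence in result.items():
        print(name)
        for e in evidence:
            print("   ", e)
```

The three credential-file rules are deliberately path-anchored rather than keyed on file names alone: a bare "logins.json" match would confuse a Thunderbird profile with a Firefox one, and "Login Data" appears in every Chromium-based browser's User Data tree, which is why that rule matches the directory structure rather than the browser name.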