General
Target: SHIPPING DOCUMENT & PACKING LIST.exe
Size: 500KB
Sample: 201126-qg52k48hgj
MD5: 8606b486e3efb971e0c629ea8260368c
SHA1: 1030a41cf3debb6f82464b9b95d33da0d5199c9f
SHA256: 6abf5552765851e4db6d8346af1473568c7d1497fd848648e32bd1c5c8d8cb2f
SHA512: 7e98d88ae39fedeb405deaa33c8ea98bdfb0f8ac2a9a495a17618f17b70851899a2c77428d1100c4e3ef919b51f7619e2a2f0b3fb20546409306a97f33e1a55c
Static task: static1
Behavioral task: behavioral1 (Sample: SHIPPING DOCUMENT & PACKING LIST.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: SHIPPING DOCUMENT & PACKING LIST.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lockitsolutions.co.ke
Port: 587
Username: ikenna@lockitsolutions.co.ke
Password: ouh$PPGm#v3K
Targets
Target: SHIPPING DOCUMENT & PACKING LIST.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Drops file in Drivers directory

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext