General

Target: Purchase Order_Pdf.exe
Size: 1.1MB
Sample: 210113-tqxqw1jf2e
MD5: 24ab440ba14af239092dc2f4c04a4aed
SHA1: 4f060fb538c3f5fba0b7e8e95bfc5c3f620ea190
SHA256: c213685d3005fbac05b0cd6b11a077f57cc4d50fcb762c7cab8a81ae7dec2043
SHA512: 2d3ba4ced486d9de70598f9934e20951fe7e4e056d8f50a9ed4c6f947e169885efe9f7c9b24d2dcff345ba0b7b33ca47ee11defdade776dd22514aba22d8a10b
Static task: static1

Behavioral task: behavioral1
Sample: Purchase Order_Pdf.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Purchase Order_Pdf.exe
Resource: win10v20201028
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.impressindia.net
Port: 587
Username: office-z9@impressindia.net
Password: +EmoBNGlt2M,
Targets

Target: Purchase Order_Pdf.exe
Size: 1.1MB
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.

- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.

- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.