General
Target: Requesting for air freight charges.exe
Size: 742KB
Sample: 200707-lyw18jgw12
MD5: 89a2ab0d3799f4a0b068b035269a57f5
SHA1: 105f3dd62a29467d2cde2613d5301737aa2a97af
SHA256: 5772f99f2fb2648a9252d6742881ed81b380ce0c6986270a600ab2b975f5c4de
SHA512: 46359ade2f24be82044c4f049f4da2a158a1d92aa0a27cae57d05a1d52e9bb07bc0ca28004d29371a1e6ba778c9a2b8313516f07b28bfcf1e113a21b0d83645f
Static task: static1
Behavioral task: behavioral1
Sample: Requesting for air freight charges.exe
Resource: win7
Behavioral task: behavioral2
Sample: Requesting for air freight charges.exe
Resource: win10
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.vimag.pl
Port: 587
Username: [email protected]
Password: szczecin
Targets
Target: Requesting for air freight charges.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext