General
Target: SHIPMENT DETAILS.exe
Size: 506KB
Sample: 200731-vbezvwr382
MD5: 387938582350a94e786a703ecdb5897c
SHA1: 9448ee73ad95c7dd3a083de1b491815189e9d11c
SHA256: 84233ce927b293c6d092695bef42d0ab5dc55f53b76d0818ae574486bafb7b98
SHA512: 00b17eb7adffc63ed21e82581a2c9216473db803777d9641d2dc05d8df194182d4c50333ad0e816eadb662d44edef839ff7439f2c80c6a4712db522881f899ce
Static task: static1

Behavioral task: behavioral1
Sample: SHIPMENT DETAILS.exe
Resource: win7

Behavioral task: behavioral2
Sample: SHIPMENT DETAILS.exe
Resource: win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: gamzyolowo@yandex.com
Password: chikaaka1
Targets
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Suspicious use of SetThreadContext