General
Target: Shipping_Details.exe
Size: 1016KB
Sample: 210126-zylh5h5mpa
MD5: a2147a20475e9d28619a453b136d243a
SHA1: f9b09fbe81859deba4deef7085fe5eab2e0678dd
SHA256: 2481241b84bb15bca083f8b3f1267df8259d3ae97e8e58800b98bb994eabcbf5
SHA512: 3011b62b9d02ed8586238c56f823d23d4cbb1ceae33edd360c8c65bcd868fa4557f9d1ff1bc6caaf40c9b33d52775ccc9d2d5d7e224ec51e8f67200ab49f7410
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: Shipping_Details.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Shipping_Details.exe, Resource: win10v20201028)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.transgear.in
Port: 587
Username: [email protected]
Password: purchase@2020*
The username and password are the operator's mailbox credentials embedded in the sample for exfiltration of stolen data. Treat them as indicators of attacker infrastructure (alert on or block outbound traffic to the host and port), not as an account to log in to.
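The extracted configuration gives the only network indicators in this report: the SMTP host and port the sample sends stolen data to. The following is an added example, not part of the sandbox report, that parses the config block exactly as the page renders it into a dictionary, turns it into IOCs, and hunts for the exfil channel in Zeek-style dns.log and conn.log records. The log lines, the internal hosts and the resolved address 203.0.113.10 (a documentation range) are constructed for the example; the username is kept verbatim as the page shows it rather than guessed.

```python
"""Turn the extracted AgentTesla SMTP config into IOCs and hunt for the exfil
channel in Zeek-style dns.log / conn.log records.

Added example; not part of the sandbox report. Log lines and the resolved
IP (203.0.113.10, a documentation range) are constructed for the example.
"""
import re

# The config block as the report renders it (the username appears obfuscated
# on the page; it is kept verbatim rather than guessed).
CONFIG_TEXT = """Protocol: smtp- Host:
mail.transgear.in - Port:
587 - Username:
[email protected] - Password:
purchase@2020*"""

# Constructed Zeek-style logs (tab separated).
# dns.log subset: ts, id.orig_h, query, answers
DNS_LOG = """\
1611661200.1\t10.0.0.25\tmail.transgear.in\t203.0.113.10
1611661201.0\t10.0.0.25\tupdate.example.net\t198.51.100.7
"""
# conn.log subset: ts, id.orig_h, id.resp_h, id.resp_p, proto, service
CONN_LOG = """\
1611661200.5\t10.0.0.25\t203.0.113.10\t587\ttcp\tsmtp
1611661202.0\t10.0.0.25\t198.51.100.7\t443\ttcp\tssl
1611661300.0\t10.0.0.40\t203.0.113.10\t587\ttcp\t-
1611661400.0\t10.0.0.41\t192.0.2.9\t587\ttcp\tsmtp
"""


def parse_config(text: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' form into lower-cased keys.

    Line breaks are collapsed first; a value runs until the next ' - Key:'.
    """
    flat = " ".join(text.split())
    cfg = {}
    for key, val in re.findall(r"(\w+):\s*(.*?)(?=\s*-\s+\w+:|$)", flat):
        cfg[key.lower()] = val.strip()
    return cfg


def iocs_from_config(cfg: dict) -> dict:
    """Reduce the config to the fields worth hunting on."""
    return {
        "protocol": cfg["protocol"],
        "c2_host": cfg["host"].lower(),
        "c2_port": int(cfg["port"]),
        # Operator mailbox: an indicator of attacker infrastructure, not
        # something to authenticate to.
        "exfil_account": cfg["username"],
    }


def hunt(ioc: dict, dns_log: str, conn_log: str) -> list:
    """Return alerts for DNS lookups of the C2 host and for connections to any
    address it resolved to on the configured port."""
    alerts = []
    resolved = set()
    for line in dns_log.splitlines():
        ts, src, query, answers = line.split("\t")
        if query.lower() == ioc["c2_host"]:
            alerts.append({"ts": ts, "src": src, "reason": f"DNS lookup of {query}"})
            resolved.update(a for a in answers.split(",") if a != "-")
    for line in conn_log.splitlines():
        ts, src, dst, dport, proto, service = line.split("\t")
        if dst in resolved and int(dport) == ioc["c2_port"]:
            alerts.append({"ts": ts, "src": src,
                           "reason": f"{proto}/{dport} to {ioc['c2_host']} ({dst})"})
    return alerts


if __name__ == "__main__":
    ioc = iocs_from_config(parse_config(CONFIG_TEXT))
    for alert in hunt(ioc, DNS_LOG, CONN_LOG):
        print(alert)
```

The resolved-address set is shared across all hosts on purpose: the second internal host (10.0.0.40) never appears in dns.log (a cached or external resolution) yet still connects to the resolved address on 587, and that connection is still flagged. A connection to some other mail server on 587 is not, since port alone is not an indicator.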
Targets
Target: Shipping_Details.exe (1016KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests credentials and keystrokes from the infected host and sends them to the operator; this sample is configured to do so over SMTP through the mailbox listed under Malware Config.
Signatures
- AgentTesla Payload: the AgentTesla family was identified in the sample.
- Drops file in Drivers directory: the sample wrote a file under the Windows drivers directory; the path is not included in this summary.
- Adds Run key to start application: persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), so the payload is launched again at each logon.
- Suspicious use of SetThreadContext: SetThreadContext called on another process's thread. This is the step in process hollowing (RunPE) where, after a process has been created suspended and the payload written into it, the thread's context is rewritten to point at the injected code before ResumeThread, so the payload runs under the name of the hollowed process.
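The last two signatures are behavioural: a registry write under a Run key, and the cross-process SetThreadContext that process hollowing needs. The following is an added example, not the sandbox's own signature code, that reproduces both checks over a constructed API-call trace. The trace format (one record per hooked call with the calling pid and its arguments, including the child or target pid) is an assumption, as are the pids, paths and the value name; the hollowing target is shown as a suspended copy of the sample itself, which is a hypothetical choice for the example.

```python
"""Reproduce two of the report's behavioural signatures over a constructed
API-call trace: Run-key persistence and the SetThreadContext step of process
hollowing (RunPE).

Added example, not the sandbox's own signature code. The trace format (one
dict per hooked call with pid and args) and all pids/paths are assumptions.
"""
CREATE_SUSPENDED = 0x00000004
RUN_KEY = r"\software\microsoft\windows\currentversion\run"

# Constructed trace. pid 1000 is the dropper; 1200 is its suspended child.
TRACE = [
    {"pid": 1000, "api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "Updater",
              "data": r"C:\Users\victim\AppData\Roaming\Updater\Updater.exe"}},
    {"pid": 1000, "api": "CreateProcessW",
     "args": {"image": r"C:\Users\victim\Desktop\Shipping_Details.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 1200}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1200}},
    {"pid": 1000, "api": "VirtualAllocEx", "args": {"target_pid": 1200, "size": 0x3a000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1200, "size": 0x3a000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1200}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 1200}},
    # Benign control: a process setting the context of one of its own threads.
    {"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
]

# Order in which the hollowing steps must follow CreateProcess(CREATE_SUSPENDED).
HOLLOW_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def detect_run_key(trace: list) -> list:
    """'Adds Run key to start application': any RegSetValueEx* under a Run key."""
    hits = []
    for ev in trace:
        if ev["api"].startswith("RegSetValueEx") and RUN_KEY in ev["args"]["key"].lower():
            hits.append({"pid": ev["pid"], "value": ev["args"]["value"],
                         "data": ev["args"]["data"]})
    return hits


def detect_cross_process_setthreadcontext(trace: list) -> list:
    """'Suspicious use of SetThreadContext': the caller targets another process."""
    return [{"pid": ev["pid"], "target": ev["args"]["target_pid"]}
            for ev in trace
            if ev["api"] == "SetThreadContext"
            and ev["args"].get("target_pid") not in (None, ev["pid"])]


def detect_hollowing(trace: list) -> list:
    """Flag (injector, child) pairs where a process created suspended is written
    to, has a thread context rewritten, and is then resumed, in that order.
    Calls that are not the next expected step (e.g. VirtualAllocEx) are skipped."""
    pending = {}  # (injector pid, child pid) -> index of the next expected step
    hits = []
    for ev in trace:
        a = ev["args"]
        if ev["api"].startswith("CreateProcess") and a.get("flags", 0) & CREATE_SUSPENDED:
            pending[(ev["pid"], a["child_pid"])] = 0
            continue
        key = (ev["pid"], a.get("target_pid"))
        if key in pending and ev["api"] == HOLLOW_STEPS[pending[key]]:
            pending[key] += 1
            if pending[key] == len(HOLLOW_STEPS):
                hits.append({"injector": ev["pid"], "child": a["target_pid"]})
                del pending[key]
    return hits


if __name__ == "__main__":
    print("run key:", detect_run_key(TRACE))
    print("cross-process SetThreadContext:", detect_cross_process_setthreadcontext(TRACE))
    print("hollowing:", detect_hollowing(TRACE))
```

The cross-process check mirrors the report's signature as named, which fires on the single call; the sequence check is the stricter form a practitioner would use to cut false positives from debuggers and instrumentation, which legitimately call SetThreadContext but do not start from a suspended child they have written a new image into.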