General

Target: Ningbo shipping statement for March 2021.exe
Size: 816KB
Sample: 210419-7trfvs9q7j
MD5: 840a47d9bf5168dd2f452b86294bc9da
SHA1: 36814de1a82ae89739b26b0edb90abf41ca867cb
SHA256: b28f9a7f96b064ebc4ea9076e9dbaabce7387ef2a38944fcab534dc65e88d050
SHA512: bb54779bcfbfe88de1bcc6e4407087184c8910462f808275c2c46ef8350b60d437ef9fafec574317c40590af7c81d2e96f823a9d48aa17b7b964eae82b6767a0
Static task: static1

Behavioral task: behavioral1
Sample: Ningbo shipping statement for March 2021.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: Ningbo shipping statement for March 2021.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: webmail.mdist.us
Port: 587
Username: [email protected] (address redacted on the page)
Password: pos#4321

This is the exfiltration channel, not a download location: Agent Tesla authenticates to the operator's SMTP server with the credentials above and mails the stolen credentials, clipboard contents and keystrokes to the operator's mailbox. Outbound SMTP submission (port 587) to webmail.mdist.us from a process that is not a mail client is therefore the most useful network indicator from this run.
Targets

Target: Ningbo shipping statement for March 2021.exe (816KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)

AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) information stealer and remote access tool (RAT).

Signatures:
- AgentTesla payload
- Drops file in Drivers directory
- Adds Run key to start application (persistence through a CurrentVersion\Run entry pointing at the dropped copy)
- Suspicious use of SetThreadContext (a hallmark of process hollowing: the packed loader starts a suspended process, replaces its image with the payload and redirects the main thread's context to it)
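The indicators above (file hashes, the SMTP exfiltration host and port, the Run-key persistence and the write into the drivers directory) can be turned directly into hunting logic. The script below is an added example, not code from the sandbox report or from Agent Tesla; it runs the report's IOCs over a handful of constructed, simplified Sysmon-style event lines (Event ID 3 network connection, 13 registry value set, 11 file create) so that it executes offline. The `MAIL_CLIENTS` allowlist, the user-writable-path heuristic and the key=value event format are assumptions for the illustration, not something the report states.

```python
"""Hunt for the indicators from this sandbox report in host telemetry.

Added example. The event lines are constructed, simplified Sysmon-style
records (key=value pairs), not data from the sandbox run.
"""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "840a47d9bf5168dd2f452b86294bc9da",
    "sha1": "36814de1a82ae89739b26b0edb90abf41ca867cb",
    "sha256": "b28f9a7f96b064ebc4ea9076e9dbaabce7387ef2a38944fcab534dc65e88d050",
}
C2_HOST = "webmail.mdist.us"   # SMTP exfiltration host from the extracted config
C2_PORT = 587                  # SMTP submission port from the extracted config

# Assumption: only these processes are expected to speak SMTP on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed telemetry (not from the report): one event per line.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\bob\\Downloads\\Ningbo shipping statement for March 2021.exe",
    "EventID=3 Image=C:\\Users\\bob\\Downloads\\Ningbo shipping statement for March 2021.exe "
    "DestinationHostname=webmail.mdist.us DestinationPort=587",
    "EventID=3 Image=C:\\Program Files\\Microsoft Office\\root\\Office16\\outlook.exe "
    "DestinationHostname=smtp.office365.com DestinationPort=587",
    "EventID=13 Image=C:\\Users\\bob\\Downloads\\Ningbo shipping statement for March 2021.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater "
    "Details=C:\\Users\\bob\\AppData\\Roaming\\Updater.exe",
    "EventID=13 Image=C:\\Windows\\System32\\msiexec.exe "
    "TargetObject=HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Vendor "
    "Details=C:\\Program Files\\Vendor\\agent.exe",
    "EventID=11 Image=C:\\Users\\bob\\Downloads\\Ningbo shipping statement for March 2021.exe "
    "TargetFilename=C:\\Windows\\System32\\drivers\\etc\\hosts",
]

# key=value pairs whose values may contain spaces; a value ends where the next " key=" begins.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one event line into a field dictionary."""
    return dict(FIELD_RE.findall(line))


def hash_matches(data: bytes) -> List[str]:
    """Return the names of the report hashes that a file's contents match."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [algo for algo, value in digests.items() if value == IOC_HASHES[algo]]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_user_writable(path: str) -> bool:
    """Heuristic (assumption): paths under a user profile or Temp are user-writable."""
    p = path.lower()
    return any(marker in p for marker in ("\\appdata\\", "\\temp\\", "\\users\\"))


def detect(events: List[str]) -> List[Dict[str, str]]:
    """Apply the report-derived rules; one alert at most per event."""
    alerts = []
    for line in events:
        ev = parse_event(line)
        image = ev.get("Image", "")
        eid = ev.get("EventID")
        if eid == "3":  # network connection
            host = ev.get("DestinationHostname", "").lower()
            if host == C2_HOST:
                alerts.append({"rule": "agenttesla_c2_host", "image": image})
            elif ev.get("DestinationPort") == str(C2_PORT) and basename(image) not in MAIL_CLIENTS:
                alerts.append({"rule": "smtp_from_non_mail_client", "image": image})
        elif eid == "13":  # registry value set: Run key pointing into a user-writable path
            key = ev.get("TargetObject", "").lower()
            if "\\currentversion\\run\\" in key and is_user_writable(ev.get("Details", "")):
                alerts.append({"rule": "run_key_to_user_writable_path", "image": image})
        elif eid == "11":  # file create: non-system process writing under a drivers directory
            target = ev.get("TargetFilename", "").lower()
            if "\\drivers\\" in target and not image.lower().startswith("c:\\windows\\"):
                alerts.append({"rule": "non_system_write_to_drivers", "image": image})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Against the constructed events the script raises three alerts: the SMTP connection to webmail.mdist.us, the Run key whose value points into AppData, and the write under System32\drivers by a process running from Downloads. The Outlook connection on 587 and the installer's Run key under Program Files are left alone, which is the point of the allowlist and the path heuristic: port 587 alone is not an indicator, port 587 from an executable in a user profile is.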