General
Target: MV ATLANTIC B - PRIME EAST SHIPPING.cab
Size: 348KB
Sample: 210421-1d8kphx2p6
MD5: d21d7e9f86bfa1f01313b255bc379bc2
SHA1: 91871496a7ed56ba45c0bfdcd98a04c0ef90bf90
SHA256: b5d852e3731ede75265c73631bcfb37088f5478f9fb9325aca8fcf9dd61fbdfa
SHA512: 6775ffecb1bded31ebbe26842248fa7abf81e2e180379d0eae13831462bfe75ac4209d36631be023506cddc77cd65ee703ca7f9b6bf442791a2b23b3e6d3d6ca
Static task: static1
Behavioral task: behavioral1
Sample: MV ATLANTIC B - PRIME EAST SHIPPING.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: MV ATLANTIC B - PRIME EAST SHIPPING.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.hyshippingcn.com
Port: 587
Username: plogs112@hyshippingcn.com
Password: e*u@qkS4
Targets
Target: MV ATLANTIC B - PRIME EAST SHIPPING.exe
Size: 479KB
MD5: 58986c24e1bdbb6a4dc734972f0c2457
SHA1: 55efb98db1658687405482410c825e2e0645c5ae
SHA256: deb49f04e1fd81d2c37e7a8a234d8460c6de4cd2513dca91fc5c6ed84fdae2f1
SHA512: e22c6140e11cff9584a963345b77989112fd2400bd0eb8a0b055a1fdc8f90b8e0e4167c8127da34aef30232ab0cabde63cd91b468fbc4757e8d53be04536b63e
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext