General
- Target: MV. MANDARIN OSS MARITIME cpdd 09.02.2021.cab
- Size: 365KB
- Sample: 210421-kjehwcp6mn
- MD5: 217904e2e8fb1432287ba412caeb2c35
- SHA1: a9ca16441820325bd48680f615fba139523764a8
- SHA256: 80c069ca754151a5254a6b52dba853bb9cd9837ebd812f27e5e13a638bb82791
- SHA512: 06402deb2e2a4c349b0f2d003755b273341a0a30a610d9590a278df172c97e13155e5154a3915f010f28b32baa9495659a9eb7d4ac775d63d67912cafa9f33f1
Static task: static1

Behavioral task: behavioral1
- Sample: MV. MANDARIN OSS MARITIME cpdd 09.02.2021.exe
- Resource: win7v20210410

Behavioral task: behavioral2
- Sample: MV. MANDARIN OSS MARITIME cpdd 09.02.2021.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.hyshippingcn.com
- Port: 587
- Username: plogs112@hyshippingcn.com
- Password: e*u@qkS4
Targets
- Target: MV. MANDARIN OSS MARITIME cpdd 09.02.2021.exe
- Size: 477KB
- MD5: 0bbd4f88ffc0e2403dc677db55138705
- SHA1: 96969cad9fb63258840273415b56524e7e0dd44e
- SHA256: 4e03a6064d48718f91df9160b73f9a8cba2976bf516e6f97dc0ec1ddf2c05633
- SHA512: 71972eb34f862212faf2c90da28526aa7af502e3b32453bc9b3c4fefb52ceb50823f4da4003003f3527f87d41bf357e8adf2c84d22b3394aeac1d078df620e15
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext