General
Target
MV. STAR ELEGANCE - BBC AUSTRIA- CPDD 24TH FEB 2021-5TH HIRE SOA.cab
Size
348KB
Sample
210421-pq58b2lkaj
MD5
080d778457f9bdacde7e5f4efb387d05
SHA1
3c4b9402a26fe1cc92bb261bc92139c0e4302ede
SHA256
96bff31bb211f6d29600cc3d6aae117beb00397b59318f7b49466a11a3f786b1
SHA512
bb029840e4d94ad695fb505827430b6cc9a19e7059e69a3afad46ae257d4b36fc34327fca50bd73366ae4e1f15c52057dffaa8470b75ec46853d960635ad38b9
Static task
static1
Behavioral task
behavioral1
Sample
MV. STAR ELEGANCE - BBC AUSTRIA- CPDD 24TH FEB 2021-5TH HIRE SOA.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
MV. STAR ELEGANCE - BBC AUSTRIA- CPDD 24TH FEB 2021-5TH HIRE SOA.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.hyshippingcn.com
Port: 587
Username: plogs112@hyshippingcn.com
Password: e*u@qkS4
Targets
Target
MV. STAR ELEGANCE - BBC AUSTRIA- CPDD 24TH FEB 2021-5TH HIRE SOA.exe
Size
479KB
MD5
58986c24e1bdbb6a4dc734972f0c2457
SHA1
55efb98db1658687405482410c825e2e0645c5ae
SHA256
deb49f04e1fd81d2c37e7a8a234d8460c6de4cd2513dca91fc5c6ed84fdae2f1
SHA512
e22c6140e11cff9584a963345b77989112fd2400bd0eb8a0b055a1fdc8f90b8e0e4167c8127da34aef30232ab0cabde63cd91b468fbc4757e8d53be04536b63e
Score 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic; this sample's extracted configuration exfiltrates over SMTP.
AgentTesla Payload
Nirsoft
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
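The extracted SMTP configuration and the file hashes in this report are the indicators a responder would hunt with. The Python below is an added example, not part of the sandbox report or of any Agent Tesla tooling: the hashes, host, port and username are the report's own values, while the log line format ("<timestamp> <event> key=value ...") and the sample lines in LOGS are constructed for the example. The correlation rule is the editor's choice: outbound TCP/587 is ordinary mail submission, so a connection is only flagged for a client that also resolved the C2 host; a direct match on the server name or the exfil username is flagged on its own. The mailbox credentials are attacker-controlled and are used here only as match strings, never to log in.

```python
"""Hunt for the sample and its SMTP exfiltration channel using the
indicators from the sandbox report.

Added example, not part of the report or of any Agent Tesla tooling.
The hashes, host, port and username are the report's values; the log
format and the sample lines in LOGS are constructed for this example.
"""
import hashlib
import re

# Indicators copied from the report (the .cab and the dropped .exe).
SAMPLE_HASHES = {
    "md5": {
        "080d778457f9bdacde7e5f4efb387d05",   # .cab
        "58986c24e1bdbb6a4dc734972f0c2457",   # .exe
    },
    "sha256": {
        "96bff31bb211f6d29600cc3d6aae117beb00397b59318f7b49466a11a3f786b1",  # .cab
        "deb49f04e1fd81d2c37e7a8a234d8460c6de4cd2513dca91fc5c6ed84fdae2f1",  # .exe
    },
}
C2_HOST = "smtp.hyshippingcn.com"
C2_PORT = 587
C2_USER = "plogs112@hyshippingcn.com"


def file_hashes(data: bytes) -> dict:
    """Digest a file's bytes with the algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def match_report_hashes(digests: dict) -> list:
    """Return the algorithms whose digest equals one of the report's hashes."""
    return sorted(alg for alg, hexval in digests.items()
                  if hexval.lower() in SAMPLE_HASHES.get(alg, set()))


# Constructed log format: "<timestamp> <event> key=value ...".
DNS_RE = re.compile(r"^\S+ dns\s+client=(?P<client>\S+) query=(?P<query>\S+)")
CONN_RE = re.compile(r"^\S+ conn\s+client=(?P<client>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+)")
SMTP_RE = re.compile(r"^\S+ smtp\s+client=(?P<client>\S+) server=(?P<server>\S+)"
                     r"(?: auth_user=(?P<user>\S+))?")


def scan_logs(lines) -> list:
    """Return one hit per log line that points at the report's exfil channel.

    TCP/587 on its own is ordinary mail submission, so a connection is only
    flagged when the same client earlier resolved the C2 host (assumes DNS
    and conn events from the same sensor, in time order).
    """
    hits = []
    resolved_c2 = set()  # clients that looked up the C2 SMTP host
    for n, line in enumerate(lines, 1):
        m = DNS_RE.match(line)
        if m:
            if m["query"].rstrip(".").lower() == C2_HOST:
                resolved_c2.add(m["client"])
                hits.append({"line": n, "client": m["client"],
                             "reason": "dns: resolved C2 SMTP host"})
            continue
        m = CONN_RE.match(line)
        if m:
            if int(m["port"]) == C2_PORT and m["client"] in resolved_c2:
                hits.append({"line": n, "client": m["client"],
                             "reason": "conn: tcp/587 after C2 DNS lookup"})
            continue
        m = SMTP_RE.match(line)
        if m and (m["server"].lower() == C2_HOST
                  or (m["user"] or "").lower() == C2_USER):
            hits.append({"line": n, "client": m["client"],
                         "reason": "smtp: C2 server or exfil username"})
    return hits


# Constructed sample lines: one infected client (10.0.0.15) and one benign
# mail submission on 587 from another client that never resolved the C2 host.
LOGS = [
    "2021-04-21T10:02:11Z dns  client=10.0.0.15 query=smtp.hyshippingcn.com type=A",
    "2021-04-21T10:02:12Z conn client=10.0.0.15 dst=203.0.113.9:587 proto=tcp bytes_out=18220",
    "2021-04-21T10:02:13Z smtp client=10.0.0.15 server=smtp.hyshippingcn.com auth_user=plogs112@hyshippingcn.com",
    "2021-04-21T10:05:40Z conn client=10.0.0.22 dst=198.51.100.4:587 proto=tcp bytes_out=950",
]

if __name__ == "__main__":
    for hit in scan_logs(LOGS):
        print(hit)
    print(match_report_hashes(
        {"sha256": "deb49f04e1fd81d2c37e7a8a234d8460c6de4cd2513dca91fc5c6ed84fdae2f1"}))
```

Run against real telemetry, feed scan_logs the DNS, connection and SMTP events for the same sensor in time order; the fourth constructed line shows why the port check is gated on a prior C2 lookup, since otherwise every mail client submitting on 587 would fire. file_hashes covers the four algorithms the report lists, so a quarantined file can be matched whichever digest the report's reader has copied.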