General
-
Target
Seafood Specification BT & vannamei shrimps_mackerel supply data RFQ 40FL 0086221042021.exe
-
Size
1.1MB
-
Sample
210421-w3xwrh8gxn
-
MD5
572f049b715906cdfed0a521a6ff2ab8
-
SHA1
5c32a80ba9f957190ec6392e794367b82cf283b1
-
SHA256
5170816f9fb96fbc0e4155b3b4536c865d4a09feeb23f8cbda6e6c2e1296304c
-
SHA512
3bc202c28eb2569cad2676a0abc22bfe62a79d99c1904937b92db7f716435b2454ca86bf803350720f988f332d82ed7078a9a0134bad7579135d0beeb61daa6e
Static task
static1
Behavioral task
behavioral1
Sample
Seafood Specification BT & vannamei shrimps_mackerel supply data RFQ 40FL 0086221042021.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Seafood Specification BT & vannamei shrimps_mackerel supply data RFQ 40FL 0086221042021.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.corroshield.co.id
Port: 587
Username: procurement@corroshield.co.id
Password: kramatjati1945
Targets
-
-
Target
Seafood Specification BT & vannamei shrimps_mackerel supply data RFQ 40FL 0086221042021.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-