General
Target: _100220218330307368_MT_103________PDF___.zip
Size: 621KB
Sample: 210423-skry7l4nfx
MD5: 8f3a2dd972f7cae26e487399ab083666
SHA1: a59d05a51b2cdfcb399acfd027406f57bacd8346
SHA256: eeb031ac5970b9792deb66aab1245c7b2dc682d72942d43c335a849d75c224f3
SHA512: f2355f47493643e6595e6f29caea9093b532d44c76da7c3a903226ad0e36d887a5f21d3e61d7895dd4eebf9ec8d20c399daae16a1e620c8fec1b5cbb79fa2582
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping Invoice.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Shipping Invoice.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.lokalboyz.com
Port: 587
Username: oc2021@lokalboyz.com
Password: lkEb6ovn
Targets
Target: Shipping Invoice.exe
Size: 853KB
MD5: 2a6aa0a5026ba0cb75c6a6c475b58da4
SHA1: 01f3140e506a6b11bf9bd52bd3c49a8883d60690
SHA256: 5f4e2a1354cd895b7deccd1e0e702bff02eee8aee5a388f98526b6e203ea131b
SHA512: e1a6530ddc0b8bb436d0104dc0b6c08f58ac20d1fa6029e1c2fcca5ed1fbfc34a49368412a609237f6180f2f4edd404d91b482d70cef3c71d321fb5601de3988
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext