General
Target: cargo details.exe
Size: 852KB
Sample: 210511-4v9jlhn6xx
MD5: 667dc2043a6a1ccb0f70810e7d566b58
SHA1: 6d749c15e64e961690e6614761ff9b8370d3bf43
SHA256: 01ca714d163a5a4498d1174c893b519dce2f0cc968bf7aac2474694b1109f6d9
SHA512: ca335532db0832b26ae5ef0bbb7f5ec0aa971ea54be139a367d93313f38108b36c03dbd1cf571e769f55d6c6daab87aec7bef75c102a7f3c21d262604da6248f
Static task: static1
Behavioral task: behavioral1 (Sample: cargo details.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: cargo details.exe, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: server126.web-hosting.com
Port: 587
Username: jokelogs@omnlltd.com
Password: E#@Dfb$LbM)M
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext