General
Target: CARGO DECUMENT.rar
Size: 565KB
Sample: 210511-e1dt5jv98n
MD5: 4afd0f01c414edb99aee1e87c1884828
SHA1: 4a0018a89e943f4221b332f45c27cde2aa156aa4
SHA256: e4345fe0a71bae9a36b053c1c040a94b010815e1528cbce9c6fa21bbcfb95c8a
SHA512: dcaa27c9504c05ce7ccaca23f0a646728836eaa2eff1e665010eb125ade09bf0aba966febedf12a85729e8e497ea61425f839568c67b0495d6b350cbec762914
Static task: static1
Behavioral task: behavioral1
  Sample: CARGO DECUMENT.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: CARGO DECUMENT.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.cometshippings.com
Port: 587
Username: z@cometshippings.com
Password: FNoY9fig8&Cyw];Fpk
Targets
Target: CARGO DECUMENT.exe
Size: 929KB
MD5: 43ecd98b39cc9ebfc3f85d0c69449373
SHA1: 419842c79a2c0a3ecc1e0137235d77a9b585949e
SHA256: db59b7cbcd7ffd902553d10a3aceab64f2020a04f169e167e25d01a14125f5c5
SHA512: 35acec2737051bc816e894ca128cdf57b1a7272d19396b425923b61ce89792cf0d03ee0f565132a61c1936d5ac78c814fbebecf69a41ef34a8ba903da85375af
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext