General
Target: Import shipment.exe
Size: 881KB
Sample: 210511-jex34xaexx
MD5: 4a9131c00bd43b53f57b7a09b4105679
SHA1: a0ac3b4faa408e0925d476e883bcd2c80049e448
SHA256: fba0ad79b3ce7a61716a30682ae383766a93f7992c55cf0f8dba82369c63a0b6
SHA512: 9c7142a8d374532370b049e8962c58fbbcf5a45c653b7ce566acbf1defb38cbdbc704758c60d339caf68e1177cddb1944a2ce3114be8c4754ce8d515aa1e4cb2
Static task: static1
Behavioral task: behavioral1
  Sample: Import shipment.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: Import shipment.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: server126.web-hosting.com
Port: 587
Username: market@marketresearchtrade.com
Password: m@T_~U$eHI40
Targets
Target: Import shipment.exe
Size: 881KB
MD5: 4a9131c00bd43b53f57b7a09b4105679
SHA1: a0ac3b4faa408e0925d476e883bcd2c80049e448
SHA256: fba0ad79b3ce7a61716a30682ae383766a93f7992c55cf0f8dba82369c63a0b6
SHA512: 9c7142a8d374532370b049e8962c58fbbcf5a45c653b7ce566acbf1defb38cbdbc704758c60d339caf68e1177cddb1944a2ce3114be8c4754ce8d515aa1e4cb2
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext