General
Target: CARGO DECUMENT.exe
Size: 929KB
Sample: 210511-khvl36gehn
MD5: 43ecd98b39cc9ebfc3f85d0c69449373
SHA1: 419842c79a2c0a3ecc1e0137235d77a9b585949e
SHA256: db59b7cbcd7ffd902553d10a3aceab64f2020a04f169e167e25d01a14125f5c5
SHA512: 35acec2737051bc816e894ca128cdf57b1a7272d19396b425923b61ce89792cf0d03ee0f565132a61c1936d5ac78c814fbebecf69a41ef34a8ba903da85375af
Static task: static1
Behavioral task: behavioral1
Sample: CARGO DECUMENT.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: CARGO DECUMENT.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cometshippings.com
Port: 587
Username: z@cometshippings.com
Password: FNoY9fig8&Cyw];Fpk
Targets
Target: CARGO DECUMENT.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext