General
Target: AWB & Shipping Documents.exe
Size: 880KB
Sample: 210620-tjc894jaxx
MD5: 7c4194af8b96aba768004cf02dc66ff2
SHA1: 0316176e546e300c41ab967ed0b671aa843e5298
SHA256: 33a82cfa5ef0f113bfa98be28c2a3d8637423f8e22be91179ee36a907ef808ca
SHA512: e2fd5179e9a86cf428ac2c1b2e02479be736e905c9a280c50989b0f7d76dd9966ec9a0284ac07cc5074d01dd9a455e6a5fff396123369b2f027c229cfc6f2c4f
Static task: static1
Behavioral task: behavioral1
Sample: AWB & Shipping Documents.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: AWB & Shipping Documents.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.excetek-tw.com
Port: 587
Username: bangerlee@excetek-tw.com
Password: ^zC)hee7
Targets
Target: AWB & Shipping Documents.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext