General

Target: NEW ORDER PO# 3038280_PRO61821 EMS INC.exe
Size: 264KB
Sample: 210624-cnqqw5la36
MD5: a299c284634648f50d6854de78eb7e6e
SHA1: 0bb3a590fde54d3310151411cb740651e4ffc370
SHA256: 85c5f35470f6e7921ec125f8c7e103c9f32b22e369634f2706f98949f676641f
SHA512: 4e637f8d7b4a6a0292d8da4b0a8f31bdedb964226c113a5acd57fa8252be454e1b2d7b06565cd5582e1bca39a5b9af8075e948f68fa15755dd2ca1c7b3c107cb
Static task: static1

Behavioral task: behavioral1
Sample: NEW ORDER PO# 3038280_PRO61821 EMS INC.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: NEW ORDER PO# 3038280_PRO61821 EMS INC.exe
Resource: win10v20210410
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.cairoshippinginternational.com
Port: 587
Username: samy@cairoshippinginternational.com
Password: NermoSamy@2006+
Targets

Target: NEW ORDER PO# 3038280_PRO61821 EMS INC.exe (same sample as listed under General)
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Loads dropped DLL
- Suspicious use of SetThreadContext