General
Target: Shipping Documents.exe
Size: 1010KB
Sample: 210722-l6jrw7z64x
MD5: 545a001d325071a329dc49becbf9c5c2
SHA1: 23f64db23c119c556f572e4750b10de4b204d012
SHA256: dc068269ba73ae7c96cae4f108ed356a66b1d8ba29ed1fd070ce31749c909bd9
SHA512: 585d2968490c40265319d96aaea92bf0bbe0a0db862ae3ce9e8d4618c055e22b2c39ef14fa644f5a75617f4121c626cbaacace1f3026c737bc64c71e9aac4629
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Documents.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Shipping Documents.exe
Resource: win10v20210408
Malware Config
Extracted family: agenttesla
C2 (Telegram Bot API): https://api.telegram.org/bot1635424534:AAEmSdFTyNmSh6Kk0U8EAlLQQg5g_gOyE74/sendDocument
Targets
Target: Shipping Documents.exe (size and hashes as listed under General above)
Score: 10/10
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext