General
-
Target
COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
-
Size
1.2MB
-
Sample
210727-97hqc6ehv2
-
MD5
e6e9876ca73882229b9f4ef8451955b6
-
SHA1
c8c61e35f44565b8425d70b35fbaf0877170ac7c
-
SHA256
daed3b91bf4637976a692a7887589349751cba8dc222e74aeb766132a288fb92
-
SHA512
1abce051c232e5a907825d11ae713ed41281a2b2db78d89b89cbe2a03416fcd82c047af66792d3d2a6534dde2728d6041a933fd877531571b5d0b14c830b9aba
Static task
static1
Behavioral task
behavioral1
Sample
COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com.tr
Port: 587
Username: muhasebe@strdijital.com
Password: kahraman
Targets
-
-
Target
COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Suspicious use of SetThreadContext
-