General
Target: EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe
Size: 635KB
Sample: 210727-bhga5vh38x
MD5: ca9ce774706c2f1708af10d3da19be03
SHA1: 059fc99b8d6ff50f997d7acb1a0ccf55cc776605
SHA256: 4f4b3dded538765e48f27d8bf0ef605572313a3f95f71f642daa53402abd8776
SHA512: b351dbb0eae5871f7996a46d004862c824fdc6f23bfb06cff6b55f3662fc453e890e5af94c0b02cbf513228be27e39a5f13ccade69b5bd3de4149af1f34ed760
Static task: static1
Behavioral task: behavioral1
  Sample: EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://universalinks.net/
Port: 21
Username: bring4@universalinks.net
Password: {lafa{u^wEx8
Targets
Target: EFINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. June 26, 2021.exe
Size: 635KB
MD5: ca9ce774706c2f1708af10d3da19be03
SHA1: 059fc99b8d6ff50f997d7acb1a0ccf55cc776605
SHA256: 4f4b3dded538765e48f27d8bf0ef605572313a3f95f71f642daa53402abd8776
SHA512: b351dbb0eae5871f7996a46d004862c824fdc6f23bfb06cff6b55f3662fc453e890e5af94c0b02cbf513228be27e39a5f13ccade69b5bd3de4149af1f34ed760
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of SetThreadContext