General
Target: 1FINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. July 20, 2021.exe
Size: 908KB
Sample: 210727-lvb48rah6n
MD5: 144141ae2aa727bc13fd74745b7a1315
SHA1: 05c9afef4033721637adb0e8ae5bfe2339eab9af
SHA256: 39237253378c85888c0281afc0190177c88c3d648089782de5ae1cab7e67ecef
SHA512: 52d64205719b12b881008a3aa9fc1a00835ea607f81e61b7a3b27526e4e10123439419512cb113ecfb9e4dcda32b4a703c14f536c55b285b1f6be5e67332d8f5
Static task: static1
Behavioral task: behavioral1
Sample: 1FINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. July 20, 2021.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 1FINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. July 20, 2021.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://universalinks.net/
Port: 21
Username: bring4@universalinks.net
Password: {lafa{u^wEx8
Targets
Target: 1FINAL REVISED_INVOICE AND PACKING LIST FOR SHIPMENT Email no. M1053 dd. July 20, 2021.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Suspicious use of SetThreadContext