General
Target: COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.rar
Size: 940KB
Sample: 210727-vjtsrhvska
MD5: b403f31c76088a2ee2f200fe5a8b1e80
SHA1: 67b23a699360dff5721c996b6451a8ee5663b7fb
SHA256: 5850cb1649be858dac8ab1257f861dc8860351ab5ba15fdb24cc200cff6b3289
SHA512: 6f0e5dadc95ac4dc19c4348fa5c85a4a0803c254b66e75b46dedae1d4f4491152d7805054d0890448b79ed86fdbd0af5489beb18b356799f5d36dc501179caca
Static task: static1
Behavioral task: behavioral1
Sample: COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
Resource: win10v20210408
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com.tr
Port: 587
Username: muhasebe@strdijital.com
Password: kahraman
Targets
Target: COMMERCIAL INVOICE AND PACKING LIST - SHIP CONTAINER DOCUMENTS.exe
Size: 1.2MB
MD5: e6e9876ca73882229b9f4ef8451955b6
SHA1: c8c61e35f44565b8425d70b35fbaf0877170ac7c
SHA256: daed3b91bf4637976a692a7887589349751cba8dc222e74aeb766132a288fb92
SHA512: 1abce051c232e5a907825d11ae713ed41281a2b2db78d89b89cbe2a03416fcd82c047af66792d3d2a6534dde2728d6041a933fd877531571b5d0b14c830b9aba
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Suspicious use of SetThreadContext