General
-
Target
Cargo details.exe
-
Size
937KB
-
Sample
210727-ztywdl5nmj
-
MD5
3f40014dd3cf212056d3ea4e81f253de
-
SHA1
27be3424c54288a9ac070063f130e7e7c4c8b255
-
SHA256
84d7d4e486208acf48a9b5108034c325d3420fcd3256e0611e87fa2dda52a910
-
SHA512
bdf0fdd610b4014e844a935fdb67559b9af12fa6a05b82811b33709432f4f19f33535d90ef1b1f2071d1952d656e566acce4a4d34797e5a31387b221ff456803
Static task
static1
Behavioral task
behavioral1
Sample
Cargo details.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Cargo details.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pelorusships.com
Port: 587
Username: [email protected]
Password: Pelorusss@1230
Targets
-
-
Target
Cargo details.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-