General
Target: gz.gz
Size: 907KB
Sample: 210915-h6m51saah3
MD5: f710066ce92d1b9a985e1be22be6c435
SHA1: 1e971d031392e4e264c92727f176268e8bd63537
SHA256: 3a1faf97261ca67c41bd4dab6de42c4d4c81c70611f165a58d6ece2888f102fc
SHA512: f6205edf423242f7c6a931408f83234dc6748453910a37546af4439e362dfe2ae4eed9a3c403921a1020a30a0b362ba92a875d562da429940e534c787f87dc0b
Static task: static1
Behavioral tasks:
behavioral1: sample DOCUMENTS/shipment.exe, resource win7v20210408
behavioral2: sample DOCUMENTS/shipment.exe, resource win10-en
behavioral3: sample shipment.exe, resource win7-en
behavioral4: sample shipment.exe, resource win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dm-teh.com
Port: 587
Username: office@dm-teh.com
Password: Vm@(O;CO.vEQ
This is the attacker-controlled mailbox the stealer authenticates to (SMTP submission on port 587) in order to mail out harvested credentials and keystrokes. Treat the host, the account and the password as indicators of compromise: the host and account are what will appear in DNS and SMTP telemetry from infected machines, and the credential is what to hand to the mail provider for takedown.
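The extracted SMTP configuration is the most actionable part of this report for defenders: AgentTesla logs into the drop mailbox from the infected host, so the host and account above surface in DNS and SMTP telemetry. The following Python is an added hunting example written for this page, not sandbox output or code from the sample. The host, port and username are taken from the config above; the log format is an assumed simplified "timestamp src dst:port proto detail" layout rather than any real product's, the corporate relay allowlist is hypothetical, and the log lines are constructed for illustration. Beyond the exact-match indicators it also flags the generic pattern the config illustrates: a workstation submitting mail on 587 to a server that is not the corporate relay.

```python
"""Hunting for the AgentTesla SMTP exfiltration channel recorded in this report.

Added example, not sandbox output and not code from the malware. Indicators
come from the extracted Malware Config; the log format is an assumed,
simplified "ts src dst:port proto detail" shape and the log lines are
constructed, not real traffic.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators taken from the extracted configuration.
EXFIL_HOST = "mail.dm-teh.com"
EXFIL_PORT = 587
EXFIL_USER = "office@dm-teh.com"

# Hypothetical corporate mail relays; submission to anything else is anomalous.
CORP_MAIL_RELAYS = {"smtp.corp.example", "10.0.0.25"}

# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = """\
2021-09-15T10:01:02Z 10.0.0.21 203.0.113.5:443 tls sni=www.example.com
2021-09-15T10:02:11Z 10.0.0.21 10.0.0.53:53 dns query=mail.dm-teh.com
2021-09-15T10:02:12Z 10.0.0.21 mail.dm-teh.com:587 smtp auth_user=office@dm-teh.com rcpt=office@dm-teh.com
2021-09-15T10:05:40Z 10.0.0.22 10.0.0.25:587 smtp auth_user=alice@corp.example rcpt=bob@corp.example
2021-09-15T10:07:03Z 10.0.0.23 198.51.100.9:587 smtp auth_user=carol@webmail.example rcpt=carol@webmail.example
2021-09-15T10:08:00Z 10.0.0.23 198.51.100.9:587 smtp
"""

# Assumed log layout: "<ts> <src> <dst>:<dport> <proto> [<detail>]" (IPv4 or hostname dst).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+):(?P<dport>\d+) (?P<proto>\w+)(?: (?P<detail>.*))?$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    severity: str  # "high": matches the extracted config; "medium": generic anomaly
    reason: str


def classify(ts: str, src: str, dst: str, dport: int, proto: str, detail: str) -> Optional[Hit]:
    """Return a Hit for one parsed log record, or None if it looks benign."""
    if proto == "dns" and EXFIL_HOST in detail:
        return Hit(ts, src, "high", f"DNS lookup for exfil host {EXFIL_HOST}")
    if proto == "smtp":
        if dst == EXFIL_HOST or f"auth_user={EXFIL_USER}" in detail:
            return Hit(ts, src, "high", f"SMTP session to AgentTesla drop account {EXFIL_USER}")
        if dport == EXFIL_PORT and dst not in CORP_MAIL_RELAYS:
            # Stealers authenticate to third-party mailboxes; workstations normally
            # only talk to the corporate relay, so this is worth a look on its own.
            return Hit(ts, src, "medium", f"SMTP submission to non-corporate server {dst}")
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Parse each log line and collect the records that match a detection."""
    hits: List[Hit] = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # line does not fit the assumed layout; skip it
        hit = classify(m["ts"], m["src"], m["dst"], int(m["dport"]), m["proto"], m["detail"] or "")
        if hit:
            hits.append(hit)
    return hits


def suspect_hosts(hits: Iterable[Hit]) -> List[str]:
    """Sources with at least one high-severity hit, in first-seen order."""
    seen: List[str] = []
    for h in hits:
        if h.severity == "high" and h.src not in seen:
            seen.append(h.src)
    return seen


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS.splitlines())
    for h in found:
        print(f"{h.ts} {h.src} [{h.severity}] {h.reason}")
    print("hosts to isolate:", suspect_hosts(found))
```

Against the constructed logs, 10.0.0.21 is flagged twice at high severity (the DNS lookup and the authenticated SMTP session to the drop account) and 10.0.0.23 twice at medium for talking to an unknown submission server; the session through the allowlisted relay 10.0.0.25 is ignored. The high-severity rules are only as durable as this one sample's config, so the medium rule is the one worth keeping once the operator rotates mailboxes.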
Targets

Target: DOCUMENTS/shipment.exe
Size: 512KB
MD5: 6dc1e7e8687a813e5c8fb0ec2c874f1e
SHA1: e87e4d3287c2721d5b6bf2def8bbfba3ac629130
SHA256: c4dd68e2846d2d45a1e04a402a7a70a02a993f7da7eca9febd34a8cb7fd3e91c
SHA512: 767f7a76006ddc233e1026f99458a1543f8bc02a7fc4355ccddc54bdd245ebdf5dbd39b8fe131ce19e48c222897e4df8b224e2ce2cb77522d3fbeab4b6422a8a
Score: 10/10
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET; this sample exfiltrates over SMTP using the credentials listed under Malware Config above.
Signatures:
- AgentTesla Payload
- Suspicious use of SetThreadContext (redirecting another thread's context is how injected or hollowed code is typically started; on its own this is a behavioral heuristic, not a family identification)
Target: shipment.exe
Size: 512KB
MD5: 6dc1e7e8687a813e5c8fb0ec2c874f1e
SHA1: e87e4d3287c2721d5b6bf2def8bbfba3ac629130
SHA256: c4dd68e2846d2d45a1e04a402a7a70a02a993f7da7eca9febd34a8cb7fd3e91c
SHA512: 767f7a76006ddc233e1026f99458a1543f8bc02a7fc4355ccddc54bdd245ebdf5dbd39b8fe131ce19e48c222897e4df8b224e2ce2cb77522d3fbeab4b6422a8a
Score: 10/10
Family: AgentTesla (same description as above)
Identical hashes to DOCUMENTS/shipment.exe: the archive carries one payload at two paths, so a single set of file indicators covers both.
Signatures:
- AgentTesla Payload
- Suspicious use of SetThreadContext