General
- Target: shipment.exe
- Size: 512KB
- Sample: 210915-h6m51sdbck
- MD5: 6dc1e7e8687a813e5c8fb0ec2c874f1e
- SHA1: e87e4d3287c2721d5b6bf2def8bbfba3ac629130
- SHA256: c4dd68e2846d2d45a1e04a402a7a70a02a993f7da7eca9febd34a8cb7fd3e91c
- SHA512: 767f7a76006ddc233e1026f99458a1543f8bc02a7fc4355ccddc54bdd245ebdf5dbd39b8fe131ce19e48c222897e4df8b224e2ce2cb77522d3fbeab4b6422a8a
Static task: static1
Behavioral task: behavioral1 (Sample: shipment.exe, Resource: win7-en)
Behavioral task: behavioral2 (Sample: shipment.exe, Resource: win10-en)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dm-teh.com
- Port: 587
- Username: office@dm-teh.com
- Password: Vm@(O;CO.vEQ
Targets
- Target: shipment.exe
- Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext