General
-
Target
COSCO SHIPPING AGENCY.rar
-
Size
520KB
-
Sample
210915-hnm3asaac5
-
MD5
8780698494c447a5b1837b7256adc8b8
-
SHA1
862dab75929a91f8f22025b9ca195d58df5e0af6
-
SHA256
3711fe2e62b7f27e9c09c78aeff22d72ef951626fd342b4c0571720cb0deb692
-
SHA512
544c71b230a9d38e7eb66054c9bfe3bbc730f93aa714c686b8eaa1e5dab87950c07ddddbb36c99c72b20a916a625041fa33cc9ef70b1ac128c3ab3e5d2511022
Static task
static1
Behavioral task
behavioral1
Sample
required.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
required.exe
Resource
win10-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.rosaritoindustries.com - Port:
587 - Username:
inquiry@rosaritoindustries.com - Password:
aircondivision2019
Targets
-
-
Target
required.exe
-
Size
1.0MB
-
MD5
08a652c3adb52cc860c1b35dc2838f23
-
SHA1
6d630ca20b831dfa6db2b33ea1f0a256a1d13e60
-
SHA256
63e6198cee195250e7ef3aedecfacdfeb6fdbce9e4f3fd9c1260ef67075819a3
-
SHA512
7df0d8df46a9b44652a239c969f2da6bc81f15b91cc6ecfef9b904caf27dc73fa37494113651931f5c866e1f8b42503279addb0d209997a13cd646421d198c5f
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-