General
-
Target
offer Order And Shipping Details.exe
-
Size
973KB
-
Sample
211014-qcntfsheh6
-
MD5
e541ccd346efda9a73ca77705c0f593b
-
SHA1
e7b586668604ad4db47455bf0fff086aeb0cad60
-
SHA256
336c8f08437e02813b6f5c4a9e61f6b22f93fb28b014532dfe48b5a1707f6cce
-
SHA512
a93b96a24188a2644e48df906f4e9780eb22bc13ecab7722dfb50a8a1c47ace547b34fd8ff1388c7dff99f1675c434da434c22c90ae5fcc90d37d59d0adf9134
Static task
static1
Behavioral task
behavioral1
Sample
offer Order And Shipping Details.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
offer Order And Shipping Details.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.thts.vn
Port: 587
Username: [email protected]
Password: 123luongngan1989
Targets
-
-
Target
offer Order And Shipping Details.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-