General
Target: SHIPMENT- COMMERCIAL INVOICE.exe
Size: 129KB
Sample: 211019-ftrassgbdj
MD5: 2797c66fef6b7a39fa7333cca468eb02
SHA1: 7b15eb0f0725320b7f0ef32acd1535255b89bc2b
SHA256: 9cca70423e0b22c6ffa39388a06346804a869e392cdf0cbe7ec9905db30bbcf3
SHA512: aa0c9f8f595068a1ef9dcb5273fe69bade86dc2aaab148b1bcdd86321987075b6529bf888c65317c7a492315314101036dbbf1da9275af5597df128031828eb3
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPMENT- COMMERCIAL INVOICE.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: SHIPMENT- COMMERCIAL INVOICE.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot1481923647:AAGiBTAuCt4mxLt_RWPYNlSpw01yplTkoZI/sendDocument
The extracted value is the Telegram Bot API endpoint the sample reports to: the URL path carries the operator's bot token and the sendDocument method, so stolen data leaves the host as a file upload to api.telegram.org over HTTPS. The token is the operator's credential for that bot and is the most specific indicator in this report.
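To turn the extracted configuration into a detection, here is an added Python example (not part of the sandbox report or of any sandbox tooling) that recognises Telegram Bot API calls in proxy logs, splits out the bot identifier and method, and flags upload methods such as sendDocument. The log layout (client IP, HTTP method, URL, status) and the second bot token are constructed for the example; only the first URL is the one extracted from this sample.

```python
import re
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import urlsplit

# The C2 URL extracted from this sample (from the report's Malware Config).
EXTRACTED_C2 = (
    "https://api.telegram.org/bot1481923647:"
    "AAGiBTAuCt4mxLt_RWPYNlSpw01yplTkoZI/sendDocument"
)

# Telegram Bot API path layout: /bot<numeric id>:<secret>/<method>.
# The secret alphabet (A-Z, a-z, 0-9, '_' and '-') matches what Telegram issues.
BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,50})/(?P<method>[A-Za-z]+)$"
)

# Methods a stealer uses to push data to its operator. Legitimate bots mostly
# poll getUpdates or answer webhooks; uploads from a workstation are rare.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


class TelegramHit(NamedTuple):
    bot_id: str
    method: str
    exfil: bool


def parse_telegram_bot_url(url: str) -> Optional[TelegramHit]:
    """Return a TelegramHit if `url` addresses the Telegram Bot API, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH.match(parts.path)
    if not m:
        return None
    return TelegramHit(m["bot_id"], m["method"], m["method"] in EXFIL_METHODS)


def scan_proxy_log(lines: List[str]) -> List[Tuple[str, TelegramHit]]:
    """Return (client_ip, TelegramHit) for each line whose URL is a Bot API call.

    Assumed (constructed) log layout: space-separated, client IP first,
    URL in the third field.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        hit = parse_telegram_bot_url(fields[2])
        if hit:
            hits.append((fields[0], hit))
    return hits


# Constructed sample proxy lines, not from the sandbox run. The second token
# is a placeholder of the right shape, not a real bot.
SAMPLE_LOG = [
    "10.0.0.12 POST " + EXTRACTED_C2 + " 200",
    "10.0.0.15 GET https://api.telegram.org/bot5550001:AAEfakefakefakefakefakefakefakeFAKE/getUpdates 200",
    "10.0.0.20 GET https://www.example.com/index.html 200",
]

if __name__ == "__main__":
    for ip, hit in scan_proxy_log(SAMPLE_LOG):
        flag = "EXFIL" if hit.exfil else "bot-api"
        print(f"{ip} bot={hit.bot_id} method={hit.method} [{flag}]")
```

Any workstation talking to api.telegram.org with a bot-token path is worth a look; the bot identifier lets you group every host reporting to the same operator, and the upload methods separate data leaving the network from a bot that is merely polling.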
Targets
Target: SHIPMENT- COMMERCIAL INVOICE.exe
Size: 129KB
MD5: 2797c66fef6b7a39fa7333cca468eb02
SHA1: 7b15eb0f0725320b7f0ef32acd1535255b89bc2b
SHA256: 9cca70423e0b22c6ffa39388a06346804a869e392cdf0cbe7ec9905db30bbcf3
SHA512: aa0c9f8f595068a1ef9dcb5273fe69bade86dc2aaab148b1bcdd86321987075b6529bf888c65317c7a492315314101036dbbf1da9275af5597df128031828eb3
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer built on .NET (Visual Basic .NET / C#).
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
AgentTesla Payload
Downloads MZ/PE file
Accesses Microsoft Outlook profiles (the profile registry data holds saved mail-account settings and credentials, a standard Agent Tesla theft target)
Suspicious use of SetThreadContext (the call is used to point a thread at injected code; a common process injection or hollowing indicator)