General

Target: SHIP'S PARTICULARS - MV TBN.doc.cab
Size: 299KB
Sample: 211019-ls8fksgdfn
MD5: 77c9b68b6e3103b4b95fdf6ad971379f
SHA1: 492e4b9117bae316d19f27fd0f596a6150962c08
SHA256: 1c632d32ca685e14588c4eee7964cdb8f510aa3828a4d68ba2c0ebbb010e6a12
SHA512: 650f65b0dc5e095f7f600ce815dbfe9a463cac2ad9119b44bd7a6f25d5ff28637ddd3698ee87ea7469c4986d1192dc5bd9e4292c67feb6ca2fb3db73911c1e12
Static task: static1

Behavioral task: behavioral1
  Sample: SHIP'S PARTICULARS - MV TBN.doc.exe
  Resource: win7-en-20211014

Behavioral task: behavioral2
  Sample: SHIP'S PARTICULARS - MV TBN.doc.exe
  Resource: win10-en-20210920
Malware Config

Extracted: agenttesla
  Protocol: smtp
  Host: smtp.penavico--cz.com
  Port: 587
  Username: [email protected]
  Password: Fq$L%J((!6
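The extracted configuration above is the most directly actionable part of this report: the SMTP host and port are the exfiltration destination, and the credentials are for the attacker's mailbox, not for the victim. As an added example (not part of the sandbox report or the analysed sample), the Python below turns that destination into a network indicator, runs it over a few constructed firewall log lines, and emits a Suricata DNS rule for it. The log lines, the JSON field names, and the rule sid are assumptions for illustration; the host and port are copied from the config above.

```python
"""Build indicators from the extracted AgentTesla SMTP config and test them.

Added example for this report; not code from the sandbox or the malware.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Values copied from the "Malware Config" section of this report.
# The mailbox credentials are deliberately left out: they are not an IOC and
# should not be pasted into detection content.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "smtp.penavico--cz.com",
    "port": 587,
}


@dataclass(frozen=True)
class Indicator:
    host: str
    port: int
    protocol: str


def indicators_from_config(cfg: dict) -> list[Indicator]:
    """Normalise the extracted config into one network indicator."""
    return [Indicator(cfg["host"].lower().rstrip("."), int(cfg["port"]),
                      cfg["protocol"].lower())]


# Constructed log lines (one JSON object per line). These are NOT from the
# sandbox run; field names are an assumption about the log source.
SAMPLE_LOGS = """\
{"ts":"2021-10-19T13:02:11Z","src":"10.0.5.23","dst_host":"smtp.office365.com","dst_port":587}
{"ts":"2021-10-19T13:02:40Z","src":"10.0.5.23","dst_host":"SMTP.penavico--cz.com","dst_port":587}
{"ts":"2021-10-19T13:03:01Z","src":"10.0.5.23","dst_host":"smtp.penavico--cz.com.","dst_port":443}
{"ts":"2021-10-19T13:05:17Z","src":"10.0.7.9","dst_host":"smtp.penavico--cz.com","dst_port":587}
"""


def match_logs(log_text: str, iocs: list[Indicator]) -> list[dict]:
    """Return one hit per log line whose destination host matches an IOC.

    The domain is the strong indicator; the operator can change the port, so
    a host match on another port is still reported, at lower confidence.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        host = str(rec.get("dst_host", "")).lower().rstrip(".")
        port = int(rec.get("dst_port", 0))
        for ioc in iocs:
            if host != ioc.host:
                continue
            hits.append({
                "ts": rec["ts"],
                "src": rec["src"],
                "host": host,
                "port": port,
                "confidence": "exact" if port == ioc.port else "host-only",
            })
    return hits


def suricata_dns_rule(ioc: Indicator, sid: int = 9000001) -> str:
    """Emit a Suricata rule on the DNS lookup for the exfil host.

    Matching the DNS query catches the connection regardless of the port used;
    the sid value is an assumption and must fit the local SID allocation.
    """
    return (
        'alert dns any any -> any any (msg:"AgentTesla exfil host lookup '
        f'{ioc.host}"; dns.query; content:"{ioc.host}"; nocase; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    iocs = indicators_from_config(AGENTTESLA_CONFIG)
    for hit in match_logs(SAMPLE_LOGS, iocs):
        print(hit)
    print(suricata_dns_rule(iocs[0]))
```

Of the four constructed lines, the first (Office 365 SMTP on 587) is legitimate traffic and must not fire; the remaining three all resolve to the exfil host after case and trailing-dot normalisation, two of them on the configured port 587 and one on 443, which is reported as "host-only" so an analyst still sees it.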
Targets

Target: SHIP'S PARTICULARS - MV TBN.doc.exe
Size: 770KB
MD5: 545eaa55c962df648708bb0bb01bcb28
SHA1: 39e0c699f9bd668dc65561aef01451deeb41b073
SHA256: 138e666baba119aed949d7064ded4f2ddafaa85e95b09bbd5c4ed7d2b77ac9ef
SHA512: 4892171284b009dc58a0ea5a781006e52c1dc729e924f386749336b9e56880ecdf6f67e43bee9c8f26b345cfcaab4b53305cd78f33a04d1b3d6016db4a2684cb
Family: AgentTesla

Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the sandbox family description records it as written in Visual Basic. It harvests saved credentials from browsers and mail clients and sends them out over SMTP, FTP or HTTP, which is why the extracted configuration above is an SMTP account.

Signatures:
  AgentTesla Payload
  Executes dropped EXE
  Accesses Microsoft Outlook profiles (mail-client credential harvesting)
  Suspicious use of SetThreadContext (typical of injecting a payload into a suspended process)