General
Target: FedEx Express AWB#5305323204643.gz
Size: 372KB
Sample: 211021-bajdmahfh9
MD5: 41a35c28e26250f9c07ce6634b7bc533
SHA1: 407b9ced6ae4908e452b629e999213ca27a24a94
SHA256: a2449cb107f3e74a766f96fc424346e8836c717caba82cdd3779f0cf35e13832
SHA512: bc0e9bdf648c53d7444fde3a3261509d32dbb11781c494675a65b954f9e86a488fc9f7ffc8466e46bb616b7b776d4c1a5866b521d1725b78211b85e57b9ca409
Static task: static1
Behavioral task: behavioral1
Sample: FedEx Express AWB#5305323204643.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: FedEx Express AWB#5305323204643.exe
Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: info@ntdcompany.com
Password: TOVSLRr7101
Targets
Target: FedEx Express AWB#5305323204643.exe
Size: 417KB
MD5: 7e4e1691ae9d7f15a4dc9f78c2db3f73
SHA1: 637d60c20c46d023353e31883255ce8e215b16b1
SHA256: 8826fdc74e7f0d4237b8cc8b397061ca8124ae712be9d264e8ec6f65d7fdb905
SHA512: f2848e95db9ba427d700e48f6aa5dba0fbb3ac20915fbeb15bff50100e7682971d00b3458eb3fd89731dcb1334528c668c5328ea32568c76370b37674eef1a9e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext