General
-
Target
printing labels and items shipping marks for order 200018808.exe
-
Size
653KB
-
Sample
211021-nrqkgsbahk
-
MD5
d66d39a631410003673f85a5c8293e85
-
SHA1
a9d4a8f39d2a58e6134faabc937ca8cce58dae93
-
SHA256
5e02cafcb735f048e38347099086988b2ee9d5c09956f95257602d3a45fd6716
-
SHA512
8cb1f697e0a7725913971d7bcaf5cf8614247f45dff0e443f96d9e79e775cebcf7ca80977fca7ba9c6ace74ae99d477ef61ea8c084b2e1a18b3632d2f0a41a42
Static task
static1
Behavioral task
behavioral1
Sample
printing labels and items shipping marks for order 200018808.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
printing labels and items shipping marks for order 200018808.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.electronmash.com
Port: 587
Username: office@electronmash.com
Password: Zanzibar2018
Targets
-
-
Target
printing labels and items shipping marks for order 200018808.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-