General
-
Target
SKU10088002 loading photos and container comm inv and packing list.exe
-
Size
566KB
-
Sample
211021-q1tdvabcbp
-
MD5
0e8b01d10cce62d28f58897bad493b57
-
SHA1
63cddbb8231c3f1d61fb528cb74902d047038018
-
SHA256
b1fe3e4522b701047d35e034db5ed2e9b8b10619b15f3d1a0b44b8da1a499352
-
SHA512
86506f1bb54d5f7362bfbe548737af89cf4c0afe939152619d6bd08460b086ebca47cb35b18a273e82bb27f6c7400665883635612d2245bc18509b131a9dc4ef
Static task
static1
Behavioral task
behavioral1
Sample
SKU10088002 loading photos and container comm inv and packing list.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
SKU10088002 loading photos and container comm inv and packing list.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.electronmash.com - Port:
587 - Username:
office@electronmash.com - Password:
Zanzibar2018
Targets
-
-
Target
SKU10088002 loading photos and container comm inv and packing list.exe
-
Size
566KB
-
MD5
0e8b01d10cce62d28f58897bad493b57
-
SHA1
63cddbb8231c3f1d61fb528cb74902d047038018
-
SHA256
b1fe3e4522b701047d35e034db5ed2e9b8b10619b15f3d1a0b44b8da1a499352
-
SHA512
86506f1bb54d5f7362bfbe548737af89cf4c0afe939152619d6bd08460b086ebca47cb35b18a273e82bb27f6c7400665883635612d2245bc18509b131a9dc4ef
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-