General
Target: shipment doc.exe
Size: 545KB
Sample: 211022-g12ksacagq
MD5: 3f447387337591602b837f5b02ab271e
SHA1: 33291bad68b6b05efec4eb10c1092a08b7745e85
SHA256: 958ada8f665a73d481ad974e482e553d2b4e84e895febe16c4766599d60a7225
SHA512: ceedb818ce417c9aa078bc388f547516feccc5166bcb45c41e085da08e0e4ad8b7f19b249c73e40eec0827cf5f9a21987d5bb7f465d69a4f450e019fc7dd3ae7
Static task: static1
Behavioral task: behavioral1
Sample: shipment doc.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: shipment doc.exe
Resource: win10-en-20211014
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.diva-italia.com
Port: 587
Username: info@diva-italia.com
Password: rr.@%5LjgLz7
Targets
Target: shipment doc.exe
Size: 545KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext