General
-
Target
Documents Of Shipping
-
Size
346KB
-
Sample
211022-lar1waccel
-
MD5
5fe507eb6a76faf15380d259508346f4
-
SHA1
0050d63477be4f3d5d807d1cea67a5bad03edb38
-
SHA256
ec75c480db2874572e44afbf2bd961b1f744a45dc4eb1f2557c5d299093089b1
-
SHA512
9707c6ce53c9f5d345eb44da851ff3640f7341acf9752d5af8f89981e1bc15c93d5a2bd9e6a289d2f69dc7e4bfd0dbd3451e585b331dc0ccf9e83d568f966253
Static task
static1
Behavioral task
behavioral1
Sample
Documents Of Shipping.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Documents Of Shipping.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2021562129:AAG5jOD-8o1ZVDhFUnGUw6bzmNZXXfUtGN0/sendDocument
Targets
-
-
Target
Documents Of Shipping
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-