General
Target: Shipping Document BL Copy.rar
Size: 697KB
Sample: 211201-t625qadhej
MD5: a19a382ddb1fa07de27d7dfa6e18e6b6
SHA1: 0b7ed2df9509299ae4e78ae3916b1f15bbb5db54
SHA256: 4b461a3d6737a0c056def5f4ae83caa23f6a0465b7062a6f48a7a02606cf11cb
SHA512: 563ab16eead963465a2a8727f8a5484d6589f7ed28f4546d1144ef3e2143e8808ed8bfaf3e04cadef4267d82162eab2127f1a65e8b876164ea796821e9e26bfd
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping Document BL Copy.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Shipping Document BL Copy.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dairysystems.co.ke
Port: 587
Username: [email protected]
Password: 2019@systems
Targets
Target: Shipping Document BL Copy.exe
Size: 732KB
MD5: d47502f0f5b346169fe57cabb1228eee
SHA1: 9ddfed11c7fd9beedc44c39ce7f1cac45783b532
SHA256: 2d1dda31bb4e7657a3f9878a056323e398590837d3c11b45540013103bfbca97
SHA512: 24869686cdea61de8025471bed5f5fe38ea0e5e94aec375cf52a25fc5ec28319314471576f66d5bbe66da45c252a6620cd272dc2690fbc929973a0e0b8eb284b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext