General
Target: SHIPPING ADVICE ASEAN.zip
Size: 593KB
Sample: 211202-q5bplahcdn
MD5: 7535f1abc6ca54d6296b84f64e54202c
SHA1: 3c1c5569840d7aea0fb52dd7d106929d1837a6ad
SHA256: 0cf41981215a5ff601b361de4829764dd7b0ca81193fe3a7d291968da6ced314
SHA512: 94ac652011ce7457cf2a57fc6e00a3e3ecd58d24733be49592909873eb753e86ce71af80972933dc8bcd27601edadc38a6ba1c542969cb443e25b098302fea6b
Static task: static1

Behavioral task: behavioral1
Sample: SHIPPING ADVICE ASEAN.exe
Resource: win7-en-20211014

Behavioral task: behavioral2
Sample: SHIPPING ADVICE ASEAN.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.packsealsind.com
Port: 587
Username: sales.mumbai@packsealsind.com
Password: %Y44i3op
Targets
Target: SHIPPING ADVICE ASEAN.exe
Size: 628KB
MD5: 4433627ac7140fd9ac0b70ae167a70ae
SHA1: e0f9d617106dd665f5cabaaf7359bd2ce0f80271
SHA256: 4026c7d6a31ceecfdf55ca0a67433809cbe346e0ec5a494a1d45e44d8659ee91
SHA512: 21cb000f77ec9dec9b62421827b0651a8959d82c5deb4e0d1bfd1d737c8bf39458e5f3e49f44d5c9d32803646cfcb74e3b449d85c33744b7a538a406653c4e68

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext