General
Target: SHIPPING DOCUMENT && PL.rar
Size: 416KB
Sample: 211202-txps2adec9
MD5: e22cc8ff5d54c3bd9ad973eb4b77ebcc
SHA1: 390129943180dcc6d9643771a8e74bc3f594d40c
SHA256: bef9350caff49b6b7da7ce9ca94ee8db2e37a7236f907789ae009323c2fe638e
SHA512: 8e72b9a2baeaab51a1c3f226826f1aa9ac012aed37ff3895262949d9e50b7023a6db21af6f7457bc7bfbd953906dc4b4bfedce6624c9e786ea4aeffb7f472742
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPPING DOCUMENT & PL.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: SHIPPING DOCUMENT & PL.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.demo.jeninfo.com
Port: 587
Username: finance@demo.jeninfo.com
Password: %e&qapQ3oNkx
Targets
Target: SHIPPING DOCUMENT & PL.exe
Size: 465KB
MD5: d24c7a40d621572c5de0d58ed1faac28
SHA1: 1fc2634401142c79be427671382cd3ea99e4c312
SHA256: cdbf59639275f9eac2802feb599b57e8178f5f5170f389d667f359f75c56ecd3
SHA512: 65b0f65244ec6a758264aa0f92a33180c164922db18d0d34663cbd14246f2949f77a6e2da0c7d5802fc40628ab3cfc334cb1b0979af061242b7f6f9a746854e2
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext