General
- Target: Ship Notification.exe
- Size: 434KB
- Sample: 211203-d5xwlshcd3
- MD5: efbbcccfaea275a45e1fd622cbe8fc81
- SHA1: fc83cddfdd51b4ed683fa093aee3d268bc91cf6f
- SHA256: f3457b15e193b2fa2ce2fff91da46d671208034e010091cf1f88cc0231f35f71
- SHA512: 11d718d4bd2a3a2d23b36502dde05ffb0e2250af9a0110dd53124397150f17de7b9bbf3430ff59fa2f159ca875a09043ce132d142322215d74cc09b14e58887d
Static task
- static1
Behavioral task
- behavioral1
- Sample: Ship Notification.exe
- Resource: win7-en-20211104
Behavioral task
- behavioral2
- Sample: Ship Notification.exe
- Resource: win10-en-20211104
Malware Config
Extracted
- agenttesla
- https://api.telegram.org/bot1803146213:AAHYyCRx7FggQ9LfPbrIs79ZUWCEc9wNnDo/sendDocument
Targets
- Target: Ship Notification.exe
- Size: 434KB
- MD5: efbbcccfaea275a45e1fd622cbe8fc81
- SHA1: fc83cddfdd51b4ed683fa093aee3d268bc91cf6f
- SHA256: f3457b15e193b2fa2ce2fff91da46d671208034e010091cf1f88cc0231f35f71
- SHA512: 11d718d4bd2a3a2d23b36502dde05ffb0e2250af9a0110dd53124397150f17de7b9bbf3430ff59fa2f159ca875a09043ce132d142322215d74cc09b14e58887d
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext