General
- Target: shipment advice.exe
- Size: 510KB
- Sample: 211203-t384vscab8
- MD5: f37280d2c00bf27ae4303aa2a649d1ad
- SHA1: 75d5888f1eeb38f5b86354ae25206f308436787e
- SHA256: 100769f7130291a9c65673f8c29783e5906fc4466b39f0936073b64401a1a5b0
- SHA512: 3af2560c7b197eaff9ab2ac4434efe5bb3e2c9c814d951c8829350c67a8751ab8a9f5a3cbcde7a2dc7cb1a83aec80b39d738ddd2835a8b1a6c690a9f57a661a0
Static task
- static1
Behavioral task
- behavioral1
  - Sample: shipment advice.exe
  - Resource: win7-en-20211104
Behavioral task
- behavioral2
  - Sample: shipment advice.exe
  - Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.diva-italia.com
- Port: 587
- Username: [email protected]
- Password: rr.@%5LjgLz7
Targets
- Target: shipment advice.exe (510KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext