General
-
Target
Partial Shipment.gz.zip
-
Size
452KB
-
Sample
211203-t4cgaahaem
-
MD5
1339b57b4720b0f8e354e22a7899aacf
-
SHA1
7b7bce63e6fc783315b2882c1bee462e4a4584fd
-
SHA256
92ca05efcd22d300759817aed174c7aa91030f966a1bd8ae4a35430b97429d1d
-
SHA512
7774180550e9839d321807e32cb9701e02d2da2280b36a22555bbaa3e03819d98c309dc9eb199efd72ffdb404f6196882542a3d9338d7c78f0568d3ec8b2902c
Static task
static1
Behavioral task
behavioral1
Sample
Partial Shipment/newp.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
Partial Shipment/newp.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.scahe.co.in
Port: 587
Username: [email protected]
Password: scaheavy@12345
Targets
-
Target
Partial Shipment/newp.exe
-
Size
571KB
-
MD5
4ee15954d954941e65043fd7abd506db
-
SHA1
42e2a770d730d6874f40b4f83e885a3c6e737b4b
-
SHA256
9b78043d9ee5d318e4d5f3fbb0fc07ff1fe364a77673a54e6a39a14c3a8edcd2
-
SHA512
d37297453b35f295b7d4043199341c7b09e6a3d2f5ee33412ef7dd5c2e6295af1d1eeaee9ef316064dc3da24d15685dad03b70f67afde4e1ca101299c144125c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-