General
Target: 381f839ba0e1dc6c02db3aa353bfc55d96afc5e1d493810b79f8b76b4b5d1b9c
Size: 383KB
Sample: 220520-2zl4xsgcd8
MD5: 0a258bf3b12f2a4e83f61d9e7ea25a54
SHA1: 7fa6612065de422cb9f3b84780bee19cf3458788
SHA256: 381f839ba0e1dc6c02db3aa353bfc55d96afc5e1d493810b79f8b76b4b5d1b9c
SHA512: fe8f03f0a32f67b9cb9522a41e25a2083e4c858a4b0cf24bc8b00828477ec3fcfb208c365a9e3c4c62de085fa68a70d486ee8d71b37a0dd4d2521900b31c996d
Static task: static1
Behavioral task: behavioral1
Sample: IMG SHIPPING DOCS 24223_PDF.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: IMG SHIPPING DOCS 24223_PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.candenizcilik.com
Port: 587
Username: [email protected]
Password: 519025
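The extracted configuration above is the sample's exfiltration channel: stolen data is sent by SMTP through the listed mail server on the submission port. The following is an added example (not part of the sandbox report) that parses the config block exactly as the page renders it, keeps the network indicators, and checks a few constructed egress log lines for connections to the exfil host. The log lines, the key=value log format and the `WS-07`/`WS-09` host names are assumptions made for the example; the username is copied as the page shows it, and `[email protected]` is a display redaction, not the real mailbox.

```python
# Added example (not from the report): parse the extracted AgentTesla SMTP
# config and hunt for matching egress in constructed log lines.
import re
from dataclasses import dataclass

# The report's "Malware Config / Extracted" block as rendered on the page,
# keys and values run together across lines. The username is reproduced as
# shown; "[email protected]" is a redaction artefact, not the real value.
RAW_CONFIG = """Protocol: smtp- Host:
mail.candenizcilik.com - Port:
587 - Username:
[email protected] - Password:
519025"""

# Constructed egress log lines in key=value form (assumed format, not from the report).
SAMPLE_LOGS = [
    '2022-05-20T10:01:12Z host=WS-07 proc="IMG SHIPPING DOCS 24223_PDF.exe" dst=mail.candenizcilik.com dport=587 proto=tcp',
    '2022-05-20T10:01:15Z host=WS-07 proc="outlook.exe" dst=outlook.office365.com dport=443 proto=tcp',
    '2022-05-20T10:02:40Z host=WS-09 proc="svchost.exe" dst=mail.candenizcilik.com dport=25 proto=tcp',
]


@dataclass(frozen=True)
class AgentTeslaConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


# "Key: value" pairs separated by " - "; the lazy value stops before the next
# " - Key:" or at end of string.
FIELD_RE = re.compile(r"(\w+):\s*(.*?)(?=\s*-\s*\w+:|$)")


def parse_config(raw: str) -> AgentTeslaConfig:
    """Parse the page's run-together 'Key: value - Key: value' layout."""
    flat = " ".join(raw.split())  # collapse the line breaks the page introduced
    fields = {m.group(1).lower(): m.group(2).strip() for m in FIELD_RE.finditer(flat)}
    return AgentTeslaConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# key=value tokens; values may be double-quoted when they contain spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict:
    """Split one log line into a dict of its key=value fields."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(line)}


def match_log_lines(lines, cfg: AgentTeslaConfig):
    """Return (process, dst, dport, verdict) for each line reaching the exfil host.

    Destination plus port reproduces the extracted config exactly; a host-only
    hit is still reported because operators rotate ports more often than servers.
    """
    findings = []
    for line in lines:
        kv = parse_kv(line)
        if kv.get("dst", "").lower() != cfg.host:
            continue
        port = int(kv.get("dport", 0))
        verdict = "exfil-config-match" if port == cfg.port else "exfil-host-only"
        findings.append((kv.get("proc", "?"), kv["dst"], port, verdict))
    return findings


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(f"exfil target: {cfg.protocol}://{cfg.host}:{cfg.port}")
    for hit in match_log_lines(SAMPLE_LOGS, cfg):
        print(hit)
```

Port 587 is the SMTP submission port and the session is normally upgraded with STARTTLS, so inline inspection will usually not see the message body or the credentials; the practical detection is the destination host itself plus an unexpected process (here a lure named `..._PDF.exe`) opening an SMTP connection. The parsed object keeps the username and password only so the config round-trips; they are not part of what should go into shared hunting lists.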
Targets
Target: IMG SHIPPING DOCS 24223_PDF.exe
Size: 425KB
MD5: 4a13e4535fb2b59386f867e9655c9173
SHA1: d069643020dc029a453a068e796bc2cdb7c194e7
SHA256: 203094520d66c8d9f2e8206f09b90ead4c30dfe3fb3da274075fd00651d63de8
SHA512: 3675ac383314d6320ddef2baad02701a68033a719e90ce9696aa1a29143a74a1bfe584c42866119d5c89e7543407831f0d49de274c03f532cb01be839d1ba805
- AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic .NET). This sample's extracted configuration sends its output over SMTP to mail.candenizcilik.com on port 587 (see Malware Config above).
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (credential harvesting from the local mail client)
- Suspicious use of SetThreadContext (commonly used for process hollowing or code injection)