General
Target: ad3c482d0df04a21734cfca2bae753158fa3bc697ff87004c0570e3d026f3b1e
Size: 333KB
Sample: 220520-31b6sahgh6
MD5: b468bc74b417f1674c67262d4502f8b6
SHA1: 6e6c31f113e75377399a2d852ca44f1861d268ea
SHA256: ad3c482d0df04a21734cfca2bae753158fa3bc697ff87004c0570e3d026f3b1e
SHA512: c777c2a9ce71f76648251f7e669e9e8193021de68b58a42943563f0bdcdd2bf7f96f811c22c6cefd63d25ebaf656d36ff7616c4bc8fb97bd1ee9499cbaa503c6
Static task: static1
Behavioral task: behavioral1
Sample: SHIPMENT DETAILS - AMSGEV2007007.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SHIPMENT DETAILS - AMSGEV2007007.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: amblessed22
Targets
Target: SHIPMENT DETAILS - AMSGEV2007007.exe
Size: 432KB
MD5: bd69e795385ba6cb838fc97ef1d97224
SHA1: a4a43a70aab459d6792f3473a4375e309ac20f56
SHA256: f8a0ada1c983c16a3ff6b107c2a04cac970e51ba9bec2514771271af03b7b9fc
SHA512: 894438f62cb2f3c7d839fb580c56aa091f71dc925fb3373b73491bb5e780cd96de69a0a380e646bc123bb8aa94b730bf7f622354f1b5b28e2ef5a0d01df3be44
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext