General
-
Target
1c41efc4f44c59923861a2df88f2297248a22a75173a8ca9f77b340b357a320c
-
Size
432KB
-
Sample
220520-3dsv1sgfh8
-
MD5
ec038e421d6f550a7633852328d9a4f5
-
SHA1
24a0ba9d93e3fb83962172a2f26c46c6b6c6b3fa
-
SHA256
1c41efc4f44c59923861a2df88f2297248a22a75173a8ca9f77b340b357a320c
-
SHA512
469036e1ec700ee5853f881aa18c7ee8ebe15ea6df3fd5e95af6b9de9d41d8e64d150434235bd9b6a016d06a393a3ddba8680ba5bbebf595b3d60c298df056c8
Static task
static1
Behavioral task
behavioral1
Sample
shipping documents.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
shipping documents.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
-
Protocol
smtp
-
Host
mail.tiig-eg.com
-
Port
587
-
Username
[email protected]
-
Password
servicelorch
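The configuration extracted above is the sample's exfiltration channel: it authenticates to the listed SMTP account and mails out what it has collected. The following added example is not part of the sandbox report and is not the malware's own code; it parses the config text in the flattened form the report prints it, turns it into network indicators, runs them over a few constructed connection-log lines, and renders a Suricata DNS rule for the host. The comma-separated log layout, the log lines, the benign hostname and the Suricata SID are assumptions; the redacted username is kept exactly as the page's placeholder.

```python
"""Triage helper for the Agent Tesla SMTP config extracted above.

Added example: not part of the sandbox report and not the malware's code.
The flattened config text is copied as the page prints it (the username is
the page's redacted placeholder); the log layout, log lines, benign host and
the Suricata SID are constructed assumptions.
"""
import re
from typing import Dict, List, Tuple

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")

# Constructed copy of the report's "Malware Config" block, separators included.
RAW_CONFIG = (
    "Protocol: smtp- Host:\nmail.tiig-eg.com - Port:\n587 - Username:\n"
    "[email protected] - Password:\nservicelorch"
)

# Split only on a " - " that is followed by a known label, so the hyphen
# inside "tiig-eg" is not treated as a separator.
SEP_RE = re.compile(r"\s*-\s*(?=(?:%s):)" % "|".join(FIELDS))


def parse_config(raw: str) -> Dict[str, str]:
    """Turn 'Label: value - Label: value ...' into {label_lower: value}."""
    cfg: Dict[str, str] = {}
    for chunk in SEP_RE.split(raw):
        label, _, value = chunk.partition(":")
        label, value = label.strip(), value.strip()
        if label in FIELDS:
            cfg[label.lower()] = value
    missing = [f.lower() for f in FIELDS if f.lower() not in cfg]
    if missing:
        raise ValueError("config block is missing fields: %s" % missing)
    return cfg


def indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Network indicators worth hunting for. The credentials are deliberately
    left out so they do not leak into shared detection content."""
    return {
        "protocol": cfg["protocol"].lower(),
        "host": cfg["host"].lower(),
        "port": int(cfg["port"]),
    }


# Constructed connection log (not from the sandbox run):
# ts,src_ip,dst_host,dst_port,proto
SAMPLE_LOG = """\
# ts,src_ip,dst_host,dst_port,proto
2022-05-20T03:41:02Z,192.0.2.15,smtp.example.org,587,tcp
2022-05-20T03:41:09Z,192.0.2.15,mail.tiig-eg.com,587,tcp
2022-05-20T03:41:11Z,192.0.2.15,mail.tiig-eg.com,443,tcp
2022-05-20T03:42:30Z,192.0.2.22,mail.tiig-eg.com,587,tcp
"""


def match_log(log: str, ioc: Dict[str, object]) -> Dict[str, List[Tuple]]:
    """Return connections to the exfil host on the configured port, plus
    contact with the same host on any other port (still worth a look)."""
    hits: Dict[str, List[Tuple]] = {"exfil": [], "host_other_port": []}
    for line in log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, dst_host, dst_port, _proto = line.split(",")
        if dst_host.lower() != ioc["host"]:
            continue
        if int(dst_port) == ioc["port"]:
            hits["exfil"].append((ts, src))
        else:
            hits["host_other_port"].append((ts, src, int(dst_port)))
    return hits


def suricata_dns_rule(ioc: Dict[str, object], sid: int = 1000001) -> str:
    """Suricata rule alerting on any DNS lookup of the exfil host.
    The SID is a local-range placeholder, not an assigned number."""
    return (
        'alert dns any any -> any any (msg:"Agent Tesla SMTP exfil host lookup"; '
        'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (ioc["host"], sid)
    )


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    ioc = indicators(cfg)
    print("indicators:", ioc)
    print("hits:", match_log(SAMPLE_LOG, ioc))
    print(suricata_dns_rule(ioc))
```

Matching on the hostname rather than a resolved address is deliberate: the report gives only the host, and a mail server can change address without the config changing. The credentials are parsed but kept out of the indicator set; they belong in an abuse report to the mail provider, not in a rule that gets shared.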
Targets
-
-
Target
shipping documents.exe
-
Size
470KB
-
MD5
90fe75b49befcd3051bf0722a1dbf0b8
-
SHA1
3b40d36a7996beca071c28dc03b9e733b1f4bb08
-
SHA256
3c3790756d45d5d2b17d41fcde5441129464268dd6f9c0b6c0af689487a35137
-
SHA512
a314167a8f6b0bf2cca638ffb82a5b64f62ebb65e424551bbef6a061d0ee9dd613e57359ce22b30c34576f934182a250547f3eb8210c99f9c90906d148f8608d
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it typically sends harvested credentials and keystrokes out over SMTP, FTP or HTTP, which is what the extracted SMTP account above is for.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-