General
-
Target
7ace5d45a67e84cfc93e66018e4785d0b0f59e0748e40394279211a256e72e03
-
Size
393KB
-
Sample
220520-3gxy5sghc7
-
MD5
c916fb169ff7466902909cc291b6f3bd
-
SHA1
5feb7daf05e3806854ad510c87789a487c8c9129
-
SHA256
7ace5d45a67e84cfc93e66018e4785d0b0f59e0748e40394279211a256e72e03
-
SHA512
f0d629ea249f6359abcaf48972ba80c413779b1ce447ac9f079435565f4a2bb7926179ae3d51af65bfc2a135857b23fbd10c9a24f1c8eb9727bf38b75d2a9f45
Static task
static1
Behavioral task
behavioral1
Sample
Shipping DOC -Arrival Notice For BL - 120910126192 Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Shipping DOC -Arrival Notice For BL - 120910126192 Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Loverboy123
Targets
-
-
Target
Shipping DOC -Arrival Notice For BL - 120910126192 Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe
-
Size
580KB
-
MD5
7e5f63f90ee013c483f9ed7b9caef45e
-
SHA1
2ac11e9f8fb8ce13780a9412e3c5096eda574afa
-
SHA256
a18c873be684866e0cd0493c18d7c6a37d5842217ef411ae92b0f47232288c06
-
SHA512
5c3c72b0395da197ccbbdf37e3a1fb120fec4becdd418de4a294636526a33c737533c258dabd10ab9aba1553bfc6903e4ee886e7b2d95b0a468add5e3c321ec7
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials (browsers, mail clients such as Outlook) and keystrokes and exfiltrates them over SMTP, FTP or HTTP; the configuration extracted above uses SMTP to smtp.yandex.com on port 587 with the embedded mailbox credentials, so that mailbox is the collection point rather than a classic C2 server.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads stored mail-account credentials from the Outlook profile registry keys)
-
Adds Run key to start application (persistence via a value under Software\Microsoft\Windows\CurrentVersion\Run)
-
Suspicious use of SetThreadContext (typical of process hollowing: the payload is written into a suspended process and its thread's entry point redirected before the thread is resumed)
-
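The behaviours listed above map directly onto endpoint telemetry, and the extracted configuration gives a concrete network indicator. The following is an added example, not part of the sandbox report or of any vendor tooling: a small Python triage over Sysmon-style events (process creation, network connection, registry value set) that flags the indicators this report exposes. The Sysmon field names (Image, Hashes, DestinationHostname, DestinationPort, TargetObject) are the real ones; the event records, the Windows paths and the allow-list of mail clients are constructed for the example.

```python
"""Triage Sysmon-style events against the Agent Tesla indicators from this report.

Added example; the events below are constructed, not captured telemetry.
"""
import re
from typing import Iterable, List

# Indicators taken from the report above.
IOC_SHA256 = {
    "7ace5d45a67e84cfc93e66018e4785d0b0f59e0748e40394279211a256e72e03",
    "a18c873be684866e0cd0493c18d7c6a37d5842217ef411ae92b0f47232288c06",
}
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Processes expected to use SMTP submission; anything else on 587 is suspect.
# (Assumed allow-list; extend it for the environment.)
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
# Document-looking name ending in an executable extension, as in this sample.
DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|jpg|png|txt)\.(exe|scr|com|pif)$", re.I)


def sha256_of(event: dict) -> str:
    """Pull SHA256 out of Sysmon's 'Hashes' field ("MD5=..,SHA256=..,..")."""
    for part in event.get("Hashes", "").split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def analyze(events: Iterable[dict]) -> List[str]:
    """Return one finding string per suspicious observation."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        base = image.rsplit("\\", 1)[-1].lower()
        if eid == 1:  # process creation
            if sha256_of(ev) in IOC_SHA256:
                findings.append(f"known-bad hash: {image}")
            if DOUBLE_EXT.search(base):
                findings.append(f"double-extension lure: {base}")
        elif eid == 3:  # network connection
            port = int(ev.get("DestinationPort", 0))
            host = ev.get("DestinationHostname", "").lower()
            if port == EXFIL_PORT and base not in MAIL_CLIENTS:
                sev = "high" if host == EXFIL_HOST else "medium"
                findings.append(f"{sev}: {base} -> {host}:{port} (SMTP submission from non-mail client)")
        elif eid == 13:  # registry value set
            target = ev.get("TargetObject", "")
            if RUN_KEY.search(target):
                findings.append(f"Run key persistence: {target} set by {base}")
    return findings


# Constructed sample telemetry reproducing the behaviours in the report.
SAMPLE_IMAGE = (r"C:\Users\victim\Downloads\Shipping DOC -Arrival Notice For BL - 120910126192 "
                r"Vessel - MV Crystal BAY Voyage - 19014S.pdf.exe")
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMAGE,
     "Hashes": "SHA256=A18C873BE684866E0CD0493C18D7C6A37D5842217EF411AE92B0F47232288C06"},
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1234567890-1234567890-1234567890-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 3, "Image": SAMPLE_IMAGE,
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": "587"},
    # Benign: a real mail client submitting mail, and a browser on 443.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": "587"},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

The SMTP rule is deliberately two-tiered: a connection to the exact host from the extracted config is high confidence, but any port-587 connection from a non-mail-client process is worth a look, because the next build of the same stealer will simply use a different mailbox.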