General
Target: d454f93f576ab127ca4755789b0b90ba72323a0ff49fd37002622ecd91cb7de1
Size: 484KB
Sample: 220520-3rallahdc2
MD5: 8e3e301e9ad690d024ba9461e7979317
SHA1: ab0713076b547999e149ff85c13eb44f752aea70
SHA256: d454f93f576ab127ca4755789b0b90ba72323a0ff49fd37002622ecd91cb7de1
SHA512: 715acee55edae10965b88b9cda3347afc227682e441a79c26749a4a9aff804d4014ad723eb54893ef29494848d71ea4a42bd18f53eb15c899b982f8bbaa43f43
Static task
static1

Behavioral task
behavioral1
Sample: Shipping Documents.doc.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: Shipping Documents.doc.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.coffiices.com
Port: 587
Username: [email protected]
Password: E5%lCvZ{l[6FG
Targets
Target: Shipping Documents.doc.exe
Size: 609KB
MD5: 3cf0389affb5ba328147fed52b2c036a
SHA1: 479be8033a988e1bd41a5d3d2f97c921a76484f3
SHA256: 53a05748df93fa8c44d170d47a1abd61ec9ec27980867c7cb87d3d9841f70ccf
SHA512: f14d760fb95e1b78284afd588ce887fe11dd68dcf0819055e865c2e628d47cd18ef72f900d82b5148954377a9edbeb7931fcf49911283b0948bed56b36f0dd96
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext