General
Target: bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86
Size: 452KB
Sample: 220520-3wlvescebj
MD5: 6700432076ec735af49376721206bfcc
SHA1: 946dd561ef803d8cf10cb44caabb3a05b974b3b8
SHA256: bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86
SHA512: 0c804e8d8f1a01531a6c3857b2a652d41b5617efcfda07c20cbfbead5869a233076df9095d6cc61f183dfa0884e42e532ec4e7049850244bbbb97832b546b8b7
Static task: static1
Behavioral task: behavioral1
Sample: MV. ABERDEEN - SHIP PARTICULARS.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: MV. ABERDEEN - SHIP PARTICULARS.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.desmaindian.com
Port: 587
Username: manan@desmaindian.com
Password: vU}t$13*orkO
Targets
Target: MV. ABERDEEN - SHIP PARTICULARS.exe
Size: 641KB
MD5: be251f1b582ea616cb38b854ac172e80
SHA1: 6df0cf3554eb5bdf9cc7233228b31a271d512f90
SHA256: 6ae239d55a04fc135b9ed665b8e8ad720672eca86f5b76a441da1e155ac755ad
SHA512: 726b6476b80199e254d94861524aa70efbceb8b839a5449724e61759aa9b46731c2e45617ea0cb73ab2b7eab73cd9d48f7bb6fbe8b91ced46441331bfa601562
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext