General
- Target: 88905cf9ea5085d7264e7b87ae4fc427253ec552df9e3c56a0848e2ff49178b2
- Size: 1.4MB
- Sample: 220521-agz5aaacb8
- MD5: bec60227238d8667d8ed447d646a52a0
- SHA1: 630d64b6116a40a6d43cc2488711dd33ea68c843
- SHA256: 88905cf9ea5085d7264e7b87ae4fc427253ec552df9e3c56a0848e2ff49178b2
- SHA512: cdba3a92bf0f930f1fc63a327eaeb9a6cd75b26bf7f60412cda316040a39380d02ce14cd76bebe4d597e91c85f63a5dbdac6fe57567572bcf5fbd0611178281c
Static task: static1

Behavioral task: behavioral1
- Sample: BL & Original shipping documents AWB & parcel tracking 1.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: BL & Original shipping documents AWB & parcel tracking 1.exe
- Resource: win10v2004-20220414-en

Behavioral task: behavioral3
- Sample: Original shipping documents AWB & parcel tracking.exe
- Resource: win7-20220414-en

Behavioral task: behavioral4
- Sample: Original shipping documents AWB & parcel tracking.exe
- Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: drsaint1992101

Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: drsaint1992101
Targets

Target: BL & Original shipping documents AWB & parcel tracking 1.exe
- Size: 850KB
- MD5: a2fabb659641023048269765790f973e
- SHA1: b18cb6179e52427f1d0526c52bb05f26e8e2b1f3
- SHA256: 08443bf9fa957824d3f097be9f7171d11ca06a26bc1e94e518b0654bf9ef5c32
- SHA512: efe48bdbc32cae5001a70c0c3fce52064a9ae86be74498f9152fbd7d3ad6792e6ebcee0d51be0336ed300bb0dfc63de3a18dcd4f9184d6d29555b1b155f2dddf
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: Original shipping documents AWB & parcel tracking.exe
- Size: 871KB
- MD5: 348d7c0aaca945e8aaa2c5fb7bfc1122
- SHA1: 54ce23bc3e637191c19443069dc3e624e55af782
- SHA256: f66744477239c87939089b7bfb0e5396cf5addf0288b90b95178cc001c587c16
- SHA512: b4e9edc8addd54db88cbefd0df4faed8526fa6d6c733f727305fd08d691979982944ecc61b7e2ea55d39f3afa0d10f76db020acaaad757ce0be669840e8f6c42
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext