General
Target: 7a4f051a912be89903a8f1221516fafdbacdff7f86362a27ed16e9343abc244b
Size: 559KB
Sample: 220521-ak5h6sadc8
MD5: c274a08b5c872900f7f86ae70ede6364
SHA1: afc38e47dbe164390e25076302c4b4a03836e83e
SHA256: 7a4f051a912be89903a8f1221516fafdbacdff7f86362a27ed16e9343abc244b
SHA512: f285c8d82cb1699497ddf7b8311dc85e4c565f4ac60ed15d46b98f39e851f4168ebf58ffaccf24cf62dd7489b7e20711073011273bd47449517f915cf451e54c
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPPING DOCUMENTS.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SHIPPING DOCUMENTS.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: challenge12345@
Targets
Target: SHIPPING DOCUMENTS.exe
Size: 740KB
MD5: 2374afb9995036716d57a36341f6d6c6
SHA1: 64ce83971c2aa6c5ab6b75d4869cbd9c5a23d457
SHA256: e157307a0ae395f69fc74b41439b15540f0782dc03b0298146f928e88344dc86
SHA512: bee3229351493064f9902465a2bba62c0fee7aaeac312eda9a1c67ad494dd060fa5210908d270569043585a6cff4bd5da29c17f2eecabbdab39226a8f4f2956a
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext