General
Target: 70010949e74108bf826914c1e3b52f99fe36a29cb176fa8eb418b25379b4f6c3
Size: 379KB
Sample: 220521-amxlcaddel
MD5: 8bb2a2283eb79f2a5c9783fbf80b6c7c
SHA1: 5c186c23760dbe5397c001a986f08a20e3aa6639
SHA256: 70010949e74108bf826914c1e3b52f99fe36a29cb176fa8eb418b25379b4f6c3
SHA512: 0d131930c65bf5606bf0adfebb347a7b6e8c7f143acffd481bc2f8147064d47431e60d9b01beffd01db7e18129fcaa3cc9cad3e74beef45ccb5160d69399ea01
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING NOTE.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SHIPPING NOTE.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
Target: SHIPPING NOTE.exe
Size: 434KB
MD5: 7ad65b9ae0ffc06a5f9e17de1abdd3f1
SHA1: c6100f2d3a7224771ee26bdd0bd9503fe17e0633
SHA256: 338fa24cfe17463b84e6667b9f64dd425e875b596a604bc28719ebc82deaab26
SHA512: 7e8b159c1f649c6d527f12f9b881cd821bd05f3e687ce43c1152e7b44bb62094c5909e826ad06103bc1a8c66bbe82e9a76d6d83f26975d58cf383565843eb5c3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext