General
Target: 5efda6ca4ff5299869fb09fa89b2b521f091a4cd1498284e93c090b654ab6ad0
Size: 494KB
Sample: 220521-argqpadfan
MD5: f5e149cde74cc32a3eeb9455f215976c
SHA1: 604785a21b3cfbe53b109b2f6adfb485d3296783
SHA256: 5efda6ca4ff5299869fb09fa89b2b521f091a4cd1498284e93c090b654ab6ad0
SHA512: f4a64b8e504f8840b2448d66befb552d21e27a7339f659a462abeda7907f4179eda86b5a0f38550a518631c5a47076351522fd0ec60a28ebd235840a7727b091
Static task: static1
Behavioral task: behavioral1
  Sample: Delivery Note AWD-29383737383-3736783833.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Delivery Note AWD-29383737383-3736783833.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.airporations.com/
Port: 21
Username: [email protected]
Password: boygirl123456
Targets
Target: Delivery Note AWD-29383737383-3736783833.exe
Size: 701KB
MD5: 92c1e6f3ae1ff35dd61e1d86252dc905
SHA1: 4e88fe64b1c3f610758a2adcf816badd73a02da1
SHA256: 1c0d5a3dc1ac2c2b4a3eca709767ac255b6d73fc1a7f24181ff58627343f7dac
SHA512: b088de9a4daaff4ffd275ff4eb534e9beb27b4e189ddb3f1f29c504878f478834ed596e7795f347bc25b563dfb139375936882d11804f7d6596197788bfdc5c6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext