General
Target: 17b144ac1ff3317294827875543e6ed7ead0d2b62c4d7314a569dda6828ebda6
Size: 1.2MB
Sample: 220521-bx4cbafgam
MD5: 41b63cf02b12f667a56b9982210046b6
SHA1: ffea21006a11b5a934477f9f5a9f3f99867716c1
SHA256: 17b144ac1ff3317294827875543e6ed7ead0d2b62c4d7314a569dda6828ebda6
SHA512: 6443c6cdf10b6d2f525b1d4709a1810e34750527e7075e7ce26d107e2d04f68cde2b93e36f812ba14cf2f91f585b566ff9deaa6d6a150915aebacbbf5cf25fa3
Static task: static1
Behavioral task: behavioral1
  Sample: EMS_SHIP.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: EMS_SHIP.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.outlook.com
  Port: 587
  Username: [email protected]
  Password: 9v4CkwBY3uLV43U
Targets
Target: EMS_SHIP.EXE
Size: 676KB
MD5: 9309dd56fbb77adb7478da855e16779b
SHA1: 8d45e064844154569e0cfa022a8f05d1f969bf98
SHA256: 82b85d6bc294eede14336f077f56aee1bd902c4ab91b7d37a8d0cf1fe11095fc
SHA512: ffb418c0540b28f15ad9f483422a163e4fe944eebe0b7d055e55b0fbd2fa0ac59c17f03e46b43ee2fc5fe77423f314c7e38576401c488a8cc508b7bcc748e4f2
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext