General
Target: 98af6be3b08e9d1b2e912c1143b8273324a8cfaa89f72763e527d76f2729af04
Size: 510KB
Sample: 220521-cyh87seff8
MD5: ea4257965c455555fd46aa787dc429b1
SHA1: fa0b38b51eec367c5b43a189f7eb9101e306484f
SHA256: 98af6be3b08e9d1b2e912c1143b8273324a8cfaa89f72763e527d76f2729af04
SHA512: 97cd5e81928494c096a1c2dfa2e7ec3b4711c9cf439c937a5d27e381d0ba52fe6ab61ca0565d47a37fd36b330128fc5c1e02620d5f00944f80cd131c84893b30
Static task: static1
Behavioral task: behavioral1
  Sample: FedEx_Parcel.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: FedEx_Parcel.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: [email protected]
  Password: 111aaa
Targets
Target: FedEx_Parcel.exe
Size: 449KB
MD5: 3044886193d9035599e973740d4e6377
SHA1: 0f3bec61d7db1c38cc65aaa26aeb1c65a161282c
SHA256: 7fdde0d904ccb6ddad0e318c409cce3385c32aebc290607361b879d617322ade
SHA512: 21feca320ffc4e2dc6beb0f2ed6200c4f83359a9da1ecd1a8523bf75e077c50b6708ac7f9e201436663af3e95bb297a0239e96185467560110f99941bfa1dbc1
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext