General
Target: f8a03b62faa7f59a865555c93a447b78e08208d4a6bdeeeefa802ba8e1c33ed6
Size: 565KB
Sample: 220521-exqyrshgg6
MD5: dbb29ee7e25b4ebada62b952c47178f0
SHA1: 2d2fe83c9b2f9e8f25d02ccf2d13da12d3bfcc51
SHA256: f8a03b62faa7f59a865555c93a447b78e08208d4a6bdeeeefa802ba8e1c33ed6
SHA512: bf372f22a3440caeb6dc4df58d506720e25b2bffec3bdf34b7ab243125f5f26207dc583b64bb11d182e9c5002b229870a43ce6bbb71f22247ae936a74d129e57
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPPING DOCS.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SHIPPING DOCS.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.wasstech.com
Port: 587
Username: [email protected]
Password: Sunray2700@@
Targets
Target: SHIPPING DOCS.exe
Size: 946KB
MD5: 171ca85e67c01bde72301be27ace1050
SHA1: 69df124e840920a7039ba089494430d6ca368675
SHA256: 26175cc093fdbd5e8d5f16281b38028a13a27d09cf488259ac74f3116499905c
SHA512: fbfccfcf467778d0571f0849c6c366f5d93f92d2014dcb04e6904429508ac6efb9f1e50f086d478f2731f7c11268b06b7c6de2ad518d5da38bb1adadc6486974
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext