General
- Target: ac9aa9f280c16034b32a0aa081c6ff1cf0d2efb966dd0ece2c9b5417638352b2
- Size: 536KB
- Sample: 220521-myhb1scff4
- MD5: 43f9c077d254e19cbd9dda088cdfdcde
- SHA1: 18bd52c8cf3fb429cb58699ea94e1144d6fa8d90
- SHA256: ac9aa9f280c16034b32a0aa081c6ff1cf0d2efb966dd0ece2c9b5417638352b2
- SHA512: 26c6cdf3f275dded77bdb07aaafa4ba075d44885acf0af54e6496368d3c3d838815d7f6ac76a997d660734ae6f6813d8752f417995a202099fa03a598584e623
Static task: static1
Behavioral task: behavioral1
- Sample: SHIPPING DOCUMENTS_doc.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SHIPPING DOCUMENTS_doc.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.acroative.com
- Port: 587
- Username: [email protected]
- Password: onegod5050()
Targets
- Target: SHIPPING DOCUMENTS_doc.exe
- Size: 887KB
- MD5: 72604d8c812c3358e9213024d3c4954d
- SHA1: 930947eaf04e9ac6e5ccf798f07bfe60b194ae50
- SHA256: b81ce07ddc4e67ba7d1f5d1b6893e50eb2c2e0f4a7c5ce3dce1971eec3e6c999
- SHA512: fa441e1f64997319a0ce0aec12cc084c0219ba8131e184bf866d9497da918fde1f375be11f478ca5ab1e047653c30a769308d282bf1c6d481478f84db8db1494
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext