General
- Target: 834dcb45f69745efb4ab4e6ebb5b57f4234c0354b71c227453a3511914fd99f3
- Size: 351KB
- Sample: 220521-n5bcqahgel
- MD5: 183a9b5052635adc9bacb93aa001ecc0
- SHA1: cccc102fb55a8052611f60a15cbdfd3a7303e9a3
- SHA256: 834dcb45f69745efb4ab4e6ebb5b57f4234c0354b71c227453a3511914fd99f3
- SHA512: 307b835c76293927c3eb01f1ee987bd8394ac1aa186d7e8ad0d1b2ce2d30bab073c8defcf628e032c61c389622a7dc0e3291946780208b647d03d5e7a417edc4
Static task: static1
Behavioral task: behavioral1
- Sample: Shipping Document PL&BL Draft.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Shipping Document PL&BL Draft.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.flood-protection.org
- Port: 587
- Username: [email protected]
- Password: kelex2424@
Targets
- Target: Shipping Document PL&BL Draft.exe
- Size: 729KB
- MD5: 09e44e025eaa6142784bead6ff8c19d7
- SHA1: f81f3fddcf53b31fbd5d41b5b193bcafb66f09e8
- SHA256: c59a459f5eb1b870adcca4d628a92d1ddf207528dae3d1942809cf798a07868f
- SHA512: be501c95e1f2ab944373e2d5c72f92d58c4cff2c9565a0304e018e7d479f44213d4410fb1ec1ef84b35a9bd3b83af0d1a6d4bad1b395f0ff80bac5cbbae9620a
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext