General
-
Target
a0499bdaa5a2407579f7c1a6d60dd3b8fc393f338ed352acf92d0554b4a4e37d
-
Size
1.2MB
-
Sample
220521-paay5sabam
-
MD5
b789de7911e1ac6705a9c64dcc5d16f9
-
SHA1
0e5e37b0a4d6e80b659880b793271ebbc6324bae
-
SHA256
a0499bdaa5a2407579f7c1a6d60dd3b8fc393f338ed352acf92d0554b4a4e37d
-
SHA512
24c750cb7aedc4e199d41c1e79feff1945a4341ba5a1b75722a616baac6e53a6ba8227be717b305f003c1a5d840a5854d7ed108772f17a861d0a9648c80977b0
Static task
static1
Behavioral task
behavioral1
Sample
NEW_SHIP.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
NEW_SHIP.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: recieve@resulthome.xyz
Password: VISION2020
Targets
-
Target
NEW_SHIP.EXE
-
Size
673KB
-
MD5
4d1a801103d87a6bb9d3e26689ef8983
-
SHA1
58f798848e53c6d5377eedb384e015a18351e0c2
-
SHA256
a6cb21742488b2257cc39988ced61f7ef5be6d3eff506c10fbc265aa560e6bd4
-
SHA512
d0989590ae27c069c2b6edd044bf34d83c0712c4a230c229a78a85fd91c6ea45630ac1c3de6ed5c5dfcbc795c390e90f9d58aeec8762b7eea783089c436c42bb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext