General
-
Target
582bd853d2b154a9d93693b2ec0bc06c0e69f1810aa08c42e6ac73c9d855d11e
-
Size
410KB
-
Sample
220521-pdkyhsacen
-
MD5
466572072a56012b53d6f22e829a7c0f
-
SHA1
79b7e7c119f99e5ad268e22b4db7eb047bbf68f4
-
SHA256
582bd853d2b154a9d93693b2ec0bc06c0e69f1810aa08c42e6ac73c9d855d11e
-
SHA512
bb75eb7d4da49724ccbc7a145c15158ed07ed5a579e9005e321f7b9116e39f97c22aac6130deb8fee419be4bf899c61300c2a5e8ab3c0112b294219764e06989
Static task
static1
Behavioral task
behavioral1
Sample
BILL OF LADING-3547432.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
BILL OF LADING-3547432.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chizo@damienzy.xyz
Password: @damienzy.xyz2240
Targets
-
Target
BILL OF LADING-3547432.exe
-
Size
872KB
-
MD5
5dfb66abf9f7eedceaa33c29c4ef4e4f
-
SHA1
371a120c9e071e730157641e415bb51594176b9e
-
SHA256
0c66da4c29f72e3b1f9bd5eb8f35542af9a724f7daa227a73774104bb985eff1
-
SHA512
bef2b989cb2f803f6705da49d74f50b2f096dec31301f8edbc8493ec985889b623a75468716c94cd220f360ed2fef81d0d75a06128aadf0ff9d9961e10eb20ad
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates what it collects over SMTP, FTP or HTTP; the SMTP account extracted above is this sample's exfiltration channel.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys that hold stored mail account settings and credentials, a credential-harvesting step)
-
Adds Run key to start application (persistence via a value under Software\Microsoft\Windows\CurrentVersion\Run, so the payload is started again at logon)
-
Suspicious use of SetThreadContext (typical of process hollowing: a process is started suspended and its primary thread's context is rewritten so that it executes injected code instead of the original image)
-
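Turning the extracted config and the signatures above into a hunt, as an added example that is not part of the sandbox report or of the sample: the SMTP values are the ones the report lists; the telemetry records, the mail-client allow-list, the SID, paths and Run value name are constructed assumptions. It flags a non-mail process connecting to the configured host and port, a write under a Run key, and an SMTP session authenticating as the configured account.

```python
"""Hunt for the AgentTesla exfiltration channel and persistence described above.

Added example, not part of the sandbox report or of the malware. The config
values are the ones the report extracted; every telemetry record below is
constructed Sysmon-style JSON (EventID 3 = network connection, EventID 13 =
registry value set) plus one constructed capture of client-side SMTP commands.
"""
import base64
import fnmatch

# Values exactly as listed under "Malware Config" in the report.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "mail.privateemail.com",
    "port": 587,
    "username": "chizo@damienzy.xyz",
    "password": "@damienzy.xyz2240",
}

# Assumed allow-list: processes expected to talk to a mail submission port.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Matches the Run key under HKLM or any user hive ("Adds Run key" signature).
RUN_KEY_GLOB = "*\\software\\microsoft\\windows\\currentversion\\run\\*"


def iocs_from_config(cfg):
    """Turn the extracted config into indicators.

    mail.privateemail.com is a shared commercial mail service, so the host on
    its own is low fidelity; the account name (plain in MAIL FROM, base64 in
    SMTP AUTH LOGIN) is the indicator worth alerting on unconditionally.
    """
    user = cfg["username"]
    return {
        "host": cfg["host"].lower(),
        "port": int(cfg["port"]),
        "username": user.lower(),
        "username_b64": base64.b64encode(user.encode()).decode(),
    }


def classify(event, iocs):
    """Return a finding string for one record, or None if nothing matched."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if event.get("EventID") == 3:
        host = event.get("DestinationHostname", "").lower()
        port = int(event.get("DestinationPort", 0))
        if host == iocs["host"] and port == iocs["port"] and image not in MAIL_CLIENTS:
            return f"non-mail process {image} connected to {host}:{port}"
    elif event.get("EventID") == 13:
        target = event.get("TargetObject", "")
        if fnmatch.fnmatchcase(target.lower(), RUN_KEY_GLOB):
            return f"{image} wrote Run key value {target}"
    elif event.get("Source") == "smtp":
        for line in event.get("Lines", []):
            if iocs["username"] in line.lower() or iocs["username_b64"] in line:
                return f"SMTP session authenticating as {iocs['username']}"
    return None


def hunt(events, cfg=AGENTTESLA_CONFIG):
    """Return [(record id, finding)] for every record that matched."""
    iocs = iocs_from_config(cfg)
    return [(ev["id"], f) for ev in events if (f := classify(ev, iocs))]


# Constructed telemetry: SID, paths and the Run value name are placeholders.
SAMPLE_EVENTS = [
    {"id": 1, "EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE",
     "DestinationHostname": "mail.privateemail.com", "DestinationPort": 587},
    {"id": 2, "EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\BILL OF LADING-3547432.exe",
     "DestinationHostname": "mail.privateemail.com", "DestinationPort": 587},
    {"id": 3, "EventID": 13, "Image": "C:\\Users\\victim\\Downloads\\BILL OF LADING-3547432.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"id": 4, "EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"},
    # Client commands only; the base64 line is the AUTH LOGIN username.
    {"id": 5, "Source": "smtp",
     "Lines": ["AUTH LOGIN", "Y2hpem9AZGFtaWVuenkueHl6", "MAIL FROM:<chizo@damienzy.xyz>"]},
]

if __name__ == "__main__":
    for rec_id, finding in hunt(SAMPLE_EVENTS):
        print(f"record {rec_id}: {finding}")
```

Records 2, 3 and 5 match; record 1 does not because Outlook is on the allow-list, which is the point of carrying process context: mail.privateemail.com is Namecheap's shared Private Email service, so blocking or alerting on the host alone would hit legitimate users, while the account name chizo@damienzy.xyz (or its base64 form in AUTH LOGIN) can be alerted on unconditionally.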