General

Target: SHIPMENT DOCUMENT.zip
Size: 526KB
Sample: 220930-q5s9msefbn
MD5: a7e568477b141132d7dfeb9ea6392b98
SHA1: fd017111e1ac612558b075ca3c32835793e885f2
SHA256: b1a091b1d18979b9b48d2f1c481c0b61a811422d5c79df0ceb79322755c198d4
SHA512: 8f494052ece95508d12b5dde3231f945cae363aa88bcf51a6ce77b069d9ba230d82aded580e51607fa93ea1ac23fcb41f602b944371cb359d75819c5a199bba7
SSDEEP: 12288:rQuALOV8XMF1IhdWOigEAs5UA5mnp+1UbyhIqvfNeNSW:rQZLO4BhdlWh5L5aIQILvV0

Static task: static1
Behavioral task: behavioral1
  Sample: SHIPMENT DOCUMENT.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SHIPMENT DOCUMENT.exe
  Resource: win10v2004-20220812-en

Malware Config

Extracted: agenttesla
URL: https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/
The extracted value is a Telegram Bot API base URL with the bot token (bot id 5357159221 and its 35-character secret) embedded in the path. Agent Tesla's Telegram module posts harvested credentials to the operator's chat through this endpoint, so HTTPS traffic from this sample to api.telegram.org is exfiltration, not tasking. The token is an attacker credential: record it defanged in reports, and treat any host observed requesting that path as compromised.
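The extraction and the network check that follow from this config, as an added example that is not part of the sandbox report or of Agent Tesla itself. It pulls Telegram bot tokens out of an arbitrary byte buffer (a memory dump, `strings` output or a decrypted config), validates and defangs a candidate URL, and flags proxy log lines that carry a bot token. The memory blob and the proxy log lines are constructed for this example; the log line format (`timestamp process host path`) is an assumption, not a real proxy's format, and the `sendDocument` method in the constructed line reflects the Bot API call Agent Tesla typically uses for uploads.

```python
import re
from urllib.parse import urlsplit

# Telegram Bot API token: numeric bot id, a colon, then a 35-character secret.
# The report's extracted config embeds exactly this shape in the URL path.
TOKEN_RE = re.compile(rb"bot(\d{6,12}):([A-Za-z0-9_-]{35})")
TELEGRAM_HOST = "api.telegram.org"

# Constructed memory blob (not a real dump): the report's URL twice, a
# decoy that is not a valid token, and neighbouring strings one would expect.
CONSTRUCTED_DUMP = (
    b"\x00\x00Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\x00"
    b"https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/\x00"
    b"sendDocument\x00chat_id\x00document\x00"
    b"https://api.telegram.org/bot42:notatoken/\x00"
    b"https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/\x00"
)

# Constructed proxy log lines (assumed format: "<ts> <process> <host> <path>").
PROXY_LOG = [
    "2022-09-30T12:00:41Z outlook.exe outlook.office365.com /owa/",
    "2022-09-30T12:01:03Z SHIPMENT_DOCUMENT.exe api.telegram.org "
    "/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/sendDocument",
    "2022-09-30T12:01:05Z chrome.exe web.telegram.org /k/",
]


def find_bot_tokens(data: bytes) -> list:
    """Return unique (bot_id, secret) pairs found in a byte buffer."""
    found = []
    for m in TOKEN_RE.finditer(data):
        pair = (m.group(1).decode(), m.group(2).decode())
        if pair not in found:
            found.append(pair)
    return found


def is_telegram_bot_url(url: str) -> bool:
    """True for a Telegram Bot API endpoint with an embedded token."""
    parts = urlsplit(url)
    return (parts.scheme in ("http", "https")
            and parts.hostname == TELEGRAM_HOST
            and TOKEN_RE.search(parts.path.encode()) is not None)


def defang(url: str) -> str:
    """Redact the token secret and defang the host for sharing in a report."""
    parts = urlsplit(url)
    path = TOKEN_RE.sub(lambda m: b"bot" + m.group(1) + b":<redacted>",
                        parts.path.encode()).decode()
    host = parts.netloc.replace(".", "[.]")
    scheme = {"https": "hxxps", "http": "hxxp"}.get(parts.scheme, parts.scheme)
    return f"{scheme}://{host}{path}"


def scan_proxy_log(lines) -> list:
    """Flag log lines whose path to api.telegram.org carries a bot token.
    Any process doing this is exfiltrating or polling through a bot."""
    hits = []
    for line in lines:
        ts, proc, host, path = line.split(" ", 3)
        m = TOKEN_RE.search(path.encode())
        if host == TELEGRAM_HOST and m:
            hits.append({"time": ts, "process": proc,
                         "bot_id": m.group(1).decode(),
                         "method": path.rsplit("/", 1)[-1]})
    return hits


if __name__ == "__main__":
    for bot_id, secret in find_bot_tokens(CONSTRUCTED_DUMP):
        print("token for bot", bot_id, "secret length", len(secret))
    print(defang("https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/"))
    for hit in scan_proxy_log(PROXY_LOG):
        print(hit)
```

The regex is deliberately strict about the 35-character secret so that `bot<n>:` fragments in unrelated strings do not produce false hits; a host talking to `web.telegram.org` (the web client) is not matched, because only the Bot API host with a token path is evidence of this channel.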

Targets

Target: SHIPMENT DOCUMENT.exe
Size: 848KB
MD5: 75116e224789066aeb6c83cbce17310a
SHA1: 81b07f3125c34912405144bbcf3f751c334d35da
SHA256: bc3ecc8f2b20fb6d4bcf4ef92565c58c19040f5309e5cadbaa474344b7161f21
SHA512: d6bdab45a90ab60f67fdf9937dd01802d5207eb1192efc95046aae680be6a1aff496d2287ae1f4c0768ef73f364534850d5a249bda6834475c85deabd616ab62
SSDEEP: 12288:r7bEXVFExN3AXkVB2hFWoiawAspUytmnP+zUj/woqjJ5nAp0:3bIVFxFhFTChpXtaGgmjrt
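The digests listed for the archive (General) and for the executable inside it (Targets) can be re-checked on a local copy with the script below, an added example that is not part of the sandbox report. It hashes the zip and every member, compares them against the report's MD5/SHA1/SHA256 values, and flags the lure pattern present here: a document-themed filename with an executable extension and an MZ header. Only hashlib is used, so SSDEEP is not reproduced; note that the zip's fuzzy hash differs from the exe's, so cluster on the inner executable, not the container. The archive used when run stand-alone is a constructed in-memory stand-in (a fake PE with the same member name), so every comparison reports a mismatch; pass the real zip bytes to `triage_archive` to verify a sample you hold.

```python
import hashlib
import io
import zipfile

# Digests from the report, keyed by the file name they belong to.
REPORT_IOCS = {
    "SHIPMENT DOCUMENT.zip": {
        "md5": "a7e568477b141132d7dfeb9ea6392b98",
        "sha1": "fd017111e1ac612558b075ca3c32835793e885f2",
        "sha256": "b1a091b1d18979b9b48d2f1c481c0b61a811422d5c79df0ceb79322755c198d4",
    },
    "SHIPMENT DOCUMENT.exe": {
        "md5": "75116e224789066aeb6c83cbce17310a",
        "sha1": "81b07f3125c34912405144bbcf3f751c334d35da",
        "sha256": "bc3ecc8f2b20fb6d4bcf4ef92565c58c19040f5309e5cadbaa474344b7161f21",
    },
}

DOCUMENT_WORDS = ("document", "invoice", "shipment", "order", "receipt", "payment")
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def compare_to_report(name: str, data: bytes) -> dict:
    """{algo: matched?} against the report's digests for `name`;
    empty dict when the report lists nothing under that name."""
    expected = REPORT_IOCS.get(name, {})
    actual = hash_bytes(data)
    return {algo: actual[algo] == digest for algo, digest in expected.items()}


def lure_indicators(member_name: str, head: bytes) -> list:
    """Cheap static checks for a 'document' lure that is really a PE."""
    reasons = []
    lower = member_name.lower()
    is_exe_name = lower.endswith(EXECUTABLE_EXTS)
    if is_exe_name:
        reasons.append("executable extension inside archive")
    if is_exe_name and any(w in lower for w in DOCUMENT_WORDS):
        reasons.append("document-themed name with executable extension")
    if head[:2] == b"MZ":
        reasons.append("MZ header: Windows PE, not a document")
    return reasons


def triage_archive(zip_bytes: bytes) -> dict:
    """Hash the archive and each member; compare and flag lures per member."""
    result = {"archive": hash_bytes(zip_bytes), "members": {}}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)
            result["members"][info.filename] = {
                "size": len(data),
                "hashes": hash_bytes(data),
                "report_match": compare_to_report(info.filename, data),
                "lure": lure_indicators(info.filename, data[:64]),
            }
    return result


def build_constructed_sample() -> bytes:
    """Constructed stand-in (not the real sample): a zip holding a fake PE
    that reuses the lure's member name."""
    fake_pe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 200
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SHIPMENT DOCUMENT.exe", fake_pe)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_archive(build_constructed_sample())
    for name, member in report["members"].items():
        print(name, member["hashes"]["sha256"],
              member["report_match"], member["lure"])
```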

AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients (Outlook among them) and FTP clients and sends them out over SMTP, FTP, HTTP or the Telegram Bot API; this sample's extracted configuration uses the Telegram channel.

Accesses Microsoft Outlook profiles
The sample reads Outlook profile data from the registry, where Outlook keeps account settings and stored passwords. In an Agent Tesla detonation this is the mail-credential theft stage, not legitimate mail use.

Suspicious use of SetThreadContext
SetThreadContext on a thread of another process, preceded by a suspended process creation and writes into that process's memory, is the RunPE/process-hollowing sequence that Agent Tesla loaders use to run the decrypted payload inside a host process. The 848KB executable is therefore best treated as a packed loader; the Agent Tesla payload that matters for detection is the one unpacked in memory.
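What the SetThreadContext signature is looking for, as an added example that is not the sandbox's own signature logic: a detector that walks an API-call trace and reports a process-hollowing chain only when the canonical order (suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread) is seen from one caller against one target. The trace below is constructed for this example; its tuple format is an assumption and the host image name is a placeholder, not something the report states about this sample. A lone SetThreadContext (a debugger) and a suspended child that is simply resumed are included to show they do not trigger.

```python
# Canonical RunPE / process-hollowing chain, in the order it must appear.
STAGES = ("CreateProcess(suspended)", "WriteProcessMemory",
          "SetThreadContext", "ResumeThread")
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Constructed trace (assumed format, not the sandbox's log format):
# (caller_pid, api_name, args).
TRACE = [
    (1000, "CreateProcessW", {"image": "host.exe", "flags": CREATE_SUSPENDED, "child_pid": 2000}),
    (1000, "NtUnmapViewOfSection", {"target_pid": 2000}),
    (1000, "VirtualAllocEx", {"target_pid": 2000, "size": 0x30000}),
    (1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x200}),
    (1000, "WriteProcessMemory", {"target_pid": 2000, "size": 0x2e000}),
    (1000, "SetThreadContext", {"target_pid": 2000}),
    (1000, "ResumeThread", {"target_pid": 2000}),
    # Benign: a debugger adjusting a context with no suspended create.
    (3000, "SetThreadContext", {"target_pid": 3001}),
    (3000, "ResumeThread", {"target_pid": 3001}),
    # Benign: suspended child that is only resumed (no memory writes).
    (4000, "CreateProcessW", {"image": "helper.exe", "flags": CREATE_SUSPENDED, "child_pid": 4001}),
    (4000, "ResumeThread", {"target_pid": 4001}),
]


def classify(api: str, args: dict):
    """Map an API call to a hollowing stage and the process it targets.
    Covers the Win32 names and their Nt/Wow64 equivalents."""
    if api.startswith("CreateProcess") and args.get("flags", 0) & CREATE_SUSPENDED:
        return STAGES[0], args["child_pid"]
    if api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
        return STAGES[1], args["target_pid"]
    if api in ("SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"):
        return STAGES[2], args["target_pid"]
    if api in ("ResumeThread", "NtResumeThread"):
        return STAGES[3], args["target_pid"]
    return None, None


def detect_hollowing(trace) -> list:
    """Return (injector_pid, target_pid) pairs for which the full chain
    was observed in order. Repeated calls of one stage do not regress it."""
    progress = {}  # (caller, target) -> index of the next expected stage
    hits = []
    for caller, api, args in trace:
        stage, target = classify(api, args)
        if stage is None:
            continue
        key = (caller, target)
        if stage == STAGES[0]:
            progress[key] = 1  # a fresh suspended create restarts the chain
            continue
        expected = progress.get(key, 0)
        if expected and stage == STAGES[expected]:
            progress[key] = expected + 1
            if progress[key] == len(STAGES):
                hits.append(key)
    return hits


if __name__ == "__main__":
    for injector, target in detect_hollowing(TRACE):
        print(f"process hollowing: pid {injector} hollowed pid {target}")
```

Keying on the (caller, target) pair is what keeps the debugger and the plain suspended-then-resumed child out of the result; a detector that fires on any SetThreadContext call alone would flag both.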