General

Target: BL-SHIPPING DOCUMENTS.exe
Size: 928KB
Sample: 221123-s37qcsga5w
MD5: 45c41df318e24e20adb94219d4906ff4
SHA1: e771d4f59b1d95c5602d1e40f2da9e62c053b1ab
SHA256: 2f3c179b97541b711d8926cf95673e1bcdbd2ce6ed22980abf88ba689ab2f21d
SHA512: cdb4c45a14fba31d6e002c8ef8a59412974d03d0671edbcc0e715089b38623a1817579c800bb6b3bd36ec423f58ce42a5ce40cbd8aa24a1f9d6e49bde527ebf1
SSDEEP: 24576:Ha8XJqYPStVPYmOlLltOOr3C1zC+GGOG4emawVl9R9:HF1PSkl73H+GS4XawVrT
Static task: static1

Behavioral task: behavioral1
Sample: BL-SHIPPING DOCUMENTS.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: BL-SHIPPING DOCUMENTS.exe
Resource: win10v2004-20220901-en
Malware Config

Targets

Target: BL-SHIPPING DOCUMENTS.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext