General
-
Target
Original shipping documents.exe
-
Size
897KB
-
Sample
221125-g8c76agb95
-
MD5
6c3fccc899a60f6b281759c930c06c42
-
SHA1
0a3daea32663be2f185299964a890a9498c026d3
-
SHA256
55f02b8d7758ec40e4c629e239a6b7c4e8b232ea5a1652357f582ae1d64782b1
-
SHA512
373022276aa27ef94b546c0326335ea893bd9bd7410688b8a93c232311edbf4942a70e6ef9b9da092100cb8907d4df3d43e02c54b9e5305c434143b078537927
-
SSDEEP
24576:6bnUdRX8XBciBzHvX1JpthZGKBJXJJIcjC:MUDMXCgHvX1Jp97Ip
Static task
static1
Behavioral task
behavioral1
Sample
Original shipping documents.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Original shipping documents.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.rimiapparelsltd.com - Port:
587 - Username:
[email protected] - Password:
Everest10@ - Email To:
[email protected]
Targets
-
-
Target
Original shipping documents.exe
-
Size
897KB
-
MD5
6c3fccc899a60f6b281759c930c06c42
-
SHA1
0a3daea32663be2f185299964a890a9498c026d3
-
SHA256
55f02b8d7758ec40e4c629e239a6b7c4e8b232ea5a1652357f582ae1d64782b1
-
SHA512
373022276aa27ef94b546c0326335ea893bd9bd7410688b8a93c232311edbf4942a70e6ef9b9da092100cb8907d4df3d43e02c54b9e5305c434143b078537927
-
SSDEEP
24576:6bnUdRX8XBciBzHvX1JpthZGKBJXJJIcjC:MUDMXCgHvX1Jp97Ip
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-