General
-
Target
SHIPPING DOC.exe
-
Size
478KB
-
Sample
221128-jxk5qsge72
-
MD5
2a2c37b0186b83c12b975807546da3fb
-
SHA1
a0eef6a6122dab1d2c0e24c2d39edf0eb9999b05
-
SHA256
b9f6f3b9202df46f9e2b996e4c47cd77ea107932712c50d300f3d0ddefa75686
-
SHA512
d3fc6a7422abc8473a7b637034d3bd873008d15de83866043180047e2fda764083cb747a279e44ecca37867442e07ac853c8d1b2466c6497290eee751951361b
-
SSDEEP
12288:qwpYDXo4z1SRFedmp4JgoIkfoqbalNgp:qww4U1SRFr4ao9Aqbaly
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPING DOC.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SHIPPING DOC.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.elec-qatar.com
Port: 587
Username: [email protected]
Password: MHabrar2019@#
Email To: [email protected]
Targets
-
-
Target
SHIPPING DOC.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-