General
Target: SHIPPING INVOICE-PACKING LIST DOCS.exe
Size: 555KB
Sample: 221128-kl179aae42
MD5: 5b7d13236bd0e3f952b7c7b68b04e55d
SHA1: 4d4f83b41622cdc8e418681c4c15b7ffc702b421
SHA256: 65c9b0f0953bfb1534836f0077fc7b14edf3c2d06649931cf39c26c7ec9d8f19
SHA512: 91eed2ee379165f4a316b8cabff80610f7815080650e2eb41db155aa3e7ba629a5739b5ab33fef6ea7dc7b899316bbde1d70243b709350739bc596a02de8d684
SSDEEP: 12288:XaZbIZlxbK9ESCYX4XP4upRj19sCdyGIz46mol:XaKxu7R242On9M6mol
Static task: static1
Behavioral task: behavioral1 (Sample: SHIPPING INVOICE-PACKING LIST DOCS.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: SHIPPING INVOICE-PACKING LIST DOCS.exe; Resource: win10v2004-20221111-en)
Malware Config
Extracted family: agenttesla
C2 / exfiltration URL: https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/
The URL is a Telegram Bot API endpoint: the path segment after "bot" is the attacker's bot token (bot id 5515611206 followed by the 35-character secret), which the stealer uses to post harvested data to a Telegram chat. The token is an indicator in its own right (it is unique to the attacker's bot), and the bot is worth reporting to Telegram's abuse contact for takedown.
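To pull the same Telegram bot token out of other samples or unpacked memory dumps, the following added example (not part of this report or of the sandbox's own extractor) scans a byte blob for api.telegram.org bot URLs in both plain ASCII and UTF-16LE, the encoding .NET string literals are stored in. It returns the bot id, a masked form of the token for sharing, and a defanged URL. The byte blobs at the bottom are constructed test data with a placeholder token, not bytes from the sample above.

```python
"""Extract Telegram Bot API exfiltration URLs and bot tokens from a binary blob.

Added example; not part of the sandbox report. Handles:
  * ASCII strings (plain text, packed configs),
  * UTF-16LE strings at both even and odd byte offsets (.NET string literals).
"""
import re

# Telegram bot tokens are "<numeric bot id>:<35-character secret>".
_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(\d{6,12}):([A-Za-z0-9_-]{35})/?"
)


def _text_views(data: bytes):
    """Yield (label, text) decodings of the blob for the regex to run over."""
    # Latin-1 maps every byte to one char, so ASCII strings survive unchanged.
    yield "ascii", data.decode("latin-1")
    # UTF-16LE strings may start at an even or an odd file offset; try both.
    for off in (0, 1):
        chunk = data[off:]
        if len(chunk) % 2:
            chunk = chunk[:-1]
        yield f"utf-16le+{off}", chunk.decode("utf-16le", errors="ignore")


def find_bot_tokens(data: bytes) -> list[dict]:
    """Return one record per distinct bot token found, with the views it was seen in."""
    hits: dict[str, dict] = {}
    for label, text in _text_views(data):
        for m in _URL_RE.finditer(text):
            bot_id, secret = m.group(1), m.group(2)
            token = f"{bot_id}:{secret}"
            rec = hits.setdefault(token, {
                "bot_id": bot_id,
                "token": token,
                # Safe to paste into a ticket without handing out the credential.
                "masked": f"{bot_id}:{secret[:4]}...{secret[-4:]}",
                "url": m.group(0),
                "encodings": [],
            })
            rec["encodings"].append(label)
    return list(hits.values())


def defang(url: str) -> str:
    """Neutralise a URL for reports: hxxps scheme and bracketed dots."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


# Constructed test data with a placeholder token (assumption: no real bot).
PLACEHOLDER_TOKEN = "1234567890:" + "A" * 35
PLACEHOLDER_URL = "https://api.telegram.org/bot" + PLACEHOLDER_TOKEN + "/"
SAMPLE_ASCII = b"\x00" * 16 + PLACEHOLDER_URL.encode("ascii") + b"\x00" * 16
# Five bytes of prefix puts the UTF-16LE string at an odd offset on purpose.
SAMPLE_UTF16 = b"MZ\x90\x00\x00" + PLACEHOLDER_URL.encode("utf-16le") + b"\x00\x00"


if __name__ == "__main__":
    for blob in (SAMPLE_ASCII, SAMPLE_UTF16):
        for hit in find_bot_tokens(blob):
            print(hit["masked"], hit["encodings"], defang(hit["url"]))
```

On a real dump, run find_bot_tokens over the whole file rather than over extracted strings, since strings tools usually miss UTF-16LE text at odd offsets or split it at NULs. Share only the masked form outside the team; the full token is a live credential for the attacker's bot until Telegram revokes it.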
Targets
Target: SHIPPING INVOICE-PACKING LIST DOCS.exe
Size: 555KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or, as in this sample, the Telegram Bot API.
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (credential harvesting from stored mail account settings)
- Suspicious use of SetThreadContext (a common step in process hollowing and other code injection)