General
- Target: SHIPPING DOC.exe
- Size: 478KB
- Sample: 221129-ld38bafd36
- MD5: d1c1aac83a4eb44e1f5a150b1f9ea01a
- SHA1: 54972afe738a2255c2f319b3077a6413a812809b
- SHA256: 50c5c887aece86fb6b2dd1184c183c87082ae8a126d52a7e735449f6be8fb68c
- SHA512: 19cb24c312e122fb876246b96d76f114c9115441faf139f9b465000948349b8c547c56e973a2aa9c154e0308700adcf51c593543d58a48e28bba5a111eebae38
- SSDEEP: 6144:0iE2fjXwDnSBb/66RUEdKborY4A3O92KBXRr+tdP1ueDkkaDSL3J3iwjIzL2Ga+c:0asDSpJ6yKb0Y4ZvOQoVL3FjM9sEV
Static task: static1
Behavioral task: behavioral1
  Sample: SHIPPING DOC.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SHIPPING DOC.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: agenttesla
- Protocol: smtp
- Host: smtp.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
- Email To: [email protected]
Targets
- Target: SHIPPING DOC.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext