General
-
Target
shipping docs.exe
-
Size
592KB
-
Sample
221129-y29ffsfg8t
-
MD5
6308ae755a893c15a989b1ccf2c56393
-
SHA1
00ada70aa14a5cf26a7f8cecbaaa437267d30a2a
-
SHA256
9dfdb5048599b1083fe534cf5fe5a0440d71eb74b5497e506f0a0a4c23821f40
-
SHA512
e03eac82bf4174912d63cb8eceed393320fe957f7a735ff0f720fbf558f9638e6fc051cb80607864caaa8366ca0edc2d44028367ef97d8020ad7b6f45eaddcd3
-
SSDEEP
12288:ks2kzrbETClbHskFgFwIyXCDl+s30ki9Pi00uSGD6DWzEH:1176ChskFgqIyXoi9Pi00uSTHH
Static task
static1
Behavioral task
behavioral1
Sample
shipping docs.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
shipping docs.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5676971476:AAFdGsXW8kwzXNIluAGV-a4sJ2XBy68O9WI/
Targets
-
-
Target
shipping docs.exe
-
Size
592KB
-
MD5
6308ae755a893c15a989b1ccf2c56393
-
SHA1
00ada70aa14a5cf26a7f8cecbaaa437267d30a2a
-
SHA256
9dfdb5048599b1083fe534cf5fe5a0440d71eb74b5497e506f0a0a4c23821f40
-
SHA512
e03eac82bf4174912d63cb8eceed393320fe957f7a735ff0f720fbf558f9638e6fc051cb80607864caaa8366ca0edc2d44028367ef97d8020ad7b6f45eaddcd3
-
SSDEEP
12288:ks2kzrbETClbHskFgFwIyXCDl+s30ki9Pi00uSGD6DWzEH:1176ChskFgqIyXoi9Pi00uSTHH
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-