General
Target: shippin docs.exe
Size: 480KB
Sample: 221204-y292zsga6w
MD5: 06d253413aa62c1eb72edb9fdc6e2a87
SHA1: a3d8c88b5b9709699c183925ce3ad653491aee9d
SHA256: f0ffe30cd228800ef89e93b87315c547fde5ec6e3dc8e09485b9004726bbe822
SHA512: 74eee8077764b41bb10bfdb2f8408af549951abdf9244d0c609de931ba6f847b6653d1088cb4394de875c0f23837b28f712cc4c8161a50d4127206bb669d68bb
SSDEEP: 12288:q0aShcx7plNJAYnIKPPfpZlrySug8pG94L3st+s0u5jgbO:q0aSholNJrXdr5ug88ss0s0gEO
Static task: static1
Behavioral task: behavioral1 (Sample: shippin docs.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: shippin docs.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5745656562:AAEWafwrgUiORYk4Z5mN1SY726IYW3inkfw/
Targets
Target: shippin docs.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Sets service image path in registry
Accesses Microsoft Outlook profiles
Adds Run key to start application
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext