General
Target: New Shipment.exe
Size: 703KB
Sample: 230206-v1emxaac61
MD5: 44209f94895aa491ebe6970a9b1170bf
SHA1: 8a7269c4b631ab6e770cb427c952c8756199b1d5
SHA256: aab69d08523d6a6e50f3f057aa975bc80644725fc3f458281d97c974170c4f7b
SHA512: 0ee9205567d300a32a7cba9f6585c956d021cc62cf25904ca9c0d92f2fa4f4b18115fc63074fffad00b5db715175eb4757f90d1056ae9746f93b9d25f6e2536b
SSDEEP: 12288:niapzpT4sPb+HT0qE8S6S7ztLHKNu+A+/1bpc9xJPmH5x97ZiQ4mvUw1YuO5DVPe:niark8b8vOztLHKNu+A+/1beFPb4cw5b
Static task: static1

Behavioral task: behavioral1
  Sample: New Shipment.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: New Shipment.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aficofilters.com.eg
Port: 587
Username: m.saadany@aficofilters.com.eg
Password: mhds@852
Email To: godwingodwin397@gmail.com
Targets
Target: New Shipment.exe
Size: 703KB
MD5: 44209f94895aa491ebe6970a9b1170bf
SHA1: 8a7269c4b631ab6e770cb427c952c8756199b1d5
SHA256: aab69d08523d6a6e50f3f057aa975bc80644725fc3f458281d97c974170c4f7b
SHA512: 0ee9205567d300a32a7cba9f6585c956d021cc62cf25904ca9c0d92f2fa4f4b18115fc63074fffad00b5db715175eb4757f90d1056ae9746f93b9d25f6e2536b
SSDEEP: 12288:niapzpT4sPb+HT0qE8S6S7ztLHKNu+A+/1bpc9xJPmH5x97ZiQ4mvUw1YuO5DVPe:niark8b8vOztLHKNu+A+/1beFPb4cw5b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext