General
-
Target
New inquiry - Qingdao Wisdom International Supply Chain Management Co Ltd.zip
-
Size
716KB
-
Sample
230327-qfhrlsde74
-
MD5
7dd476ba7d03114a991c49cefec1f35d
-
SHA1
b882516e17fbc7e1cbb92e1a9a33fe45e07b3270
-
SHA256
df2a750f5f59f60f4c19761ded5aea7cd18fdc31fe19fc8393af535c18179110
-
SHA512
b6c17b1eb9a3c7eea687310cf5a84c5639393c845a21351407818fa53c5b57c19419b9493593b035f73534287eecd668935ffa9f5fa7a165b0000e02343e0990
-
SSDEEP
12288:+lF3vxFTxs+yECaHdncsGJeNc4/P1OPGzDB8ceuA6RXlAHR8VMXAlPirlScllBNe:MF/xFiE7ncsGJ+P1SGzScdA6RVAHR8V7
Static task
static1
Behavioral task
behavioral1
Sample
New inquiry - Qingdao Wisdom International Supply Chain Management Co Ltd.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
New inquiry - Qingdao Wisdom International Supply Chain Management Co Ltd.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: vmeee@kopamarine.xyz
- Password: LC%UjBd1badmanSacr@@
- Email To: vmeee@kopamarine.xyz
Targets
-
-
Target
New inquiry - Qingdao Wisdom International Supply Chain Management Co Ltd.exe
-
Size
794KB
-
MD5
71cf68e20364b584bb08ea08f2d64b9b
-
SHA1
60402cf86e50c425e4852ee761c2d7650e76ba56
-
SHA256
920961f43c4590704b068fb3bd274325c966908e805f7994522ce173e7e4c0ec
-
SHA512
028d3267066b3da3e8f51fe957e2d6e2a9c71e7d713460e1831f1e3b1f18093d52e1155059aa8e65dc6c8ff8e70077c910d711f1a6222d3f0717130de124392a
-
SSDEEP
24576:WA5xZDunGsiJgD1iYpOe7A6R90HRYVuAMVn:H57unGsi61iYnMVn
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-