General
Target: Maerskline New Shipment-SOL10123127.exe
Size: 893KB
Sample: 230328-hvy35sbc6x
MD5: 4d624a352c28ce4c34314ccbe132d66e
SHA1: a81242531f9dd095edce3a0147445c30bf321cf3
SHA256: c97771c3c9da5cec4bb033a94ac643eab26d44c4e58e9e073465799244ca4a57
SHA512: b5296e6901ea70cc2bd53044743a8749f799869c0115e500421805ee89985a655ee67c509424817a750760c3a1964cc564f00ab436672e199718e1d03fdd262c
SSDEEP: 24576:O74X1DgHnkOZ23YOPM7mn0NMWeopAJ2rgVR:vNGkb3YO90NMW1ASg
Static task: static1
Behavioral task: behavioral1
Sample: Maerskline New Shipment-SOL10123127.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Maerskline New Shipment-SOL10123127.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: amanni-logs@brightwatar-energy.com
Password: y$j$wdV7@@33255
Email To: amanni-logs@brightwatar-energy.com
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-