General
- Target: King Onward Logistics PRE ALERT 860 0277 6292PVG000021.exe
- Size: 706KB
- Sample: 230331-ql8j8ahf47
- MD5: 7d34c665021b9bb48eac42f853d0272d
- SHA1: 0f874e935da3f58a06a4d28d8786811e0883574a
- SHA256: 90e926a50fdd51897942e407e917649f7cfdac92a9f95cc73d263c8f7fff695e
- SHA512: 7950cc2b634bc3233e8a2e3672d3ae48102408b940f472bbe68ffde139981ff94304bc7cd4a1b2e46b59819fa15800ca4040e5b51c24d46e4b228115e87483ea
- SSDEEP: 12288:qxVqHHYCPjimOMt+ryNN9wP+9x+aCyNGZdnnKbLctqg3nZoZzwa:qxVqHHYOimXYyNNOPOlfNLbRkZ6
Static task
- static1
Behavioral task
- behavioral1
  - Sample: King Onward Logistics PRE ALERT 860 0277 6292PVG000021.exe
  - Resource: win7-20230220-en
Behavioral task
- behavioral2
  - Sample: King Onward Logistics PRE ALERT 860 0277 6292PVG000021.exe
  - Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: log3@forrwel.net
- Password: HNnNLPY3
- Email To: log3@forrwel.net
Targets
- Target: King Onward Logistics PRE ALERT 860 0277 6292PVG000021.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext