General
Target: b92f592c56d52d960cc9215c5e72aad8.bin
Size: 1.4MB
Sample: 231121-c8skmabf83
MD5: 6aba8ef4f8f56ce381b389f2c5bbc379
SHA1: 362ad9d84e7255d8c623d7b77a2c3025a1cb1181
SHA256: e4960467f26b430c8fd6e1e4ae54fd4e5ee97f551a07582671bb0c6bebd7c6ea
SHA512: 76113412f6fcc62985d414898156f4aa972eb6f41e841664bdb56ea3231af87f11b4a48c8c5c1d59ac0e8cedd93f88c48472865772a8dd6e40a38a20c5ae6d94
SSDEEP: 24576:0KRMBU8hjRg5/fgb8wkG/O3QWREKmWYhw1OsknN5DzIlywU4SJAWNP7X28e:J78ZS5/SXWREKzPS5z0K4SJAwDC
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Documents.exe
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: Shipping Documents.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.elec-qatar.com
Port: 587
Username: [email protected]
Password: MHabrar2019@#
Email To: [email protected]
Targets
Target: Shipping Documents.exe
Size: 1.9MB
MD5: e0bcb417f88eb3763db1da03853375e1
SHA1: 3a4dafbaacf7127a7bd55a20346d9c857e01b5f2
SHA256: bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd
SHA512: b718af048706bf1b66ba69b429376702fb59dc03055ce22a10821509f80ba2beddae176a7234cf97ec7265a8a9f97b2ccc61ee4b11b086054799275549b7a1d5
SSDEEP: 49152:sPKSQTERAQO3i2X9QfDjii+ZoEpNJHXXXS:MKSQTvmfvI5Xy
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext