General
-
Target
4d99b46424924201dd08e8fecebbf5b064b37e7fdad8cc968cdfc0e0f0b97ead.tar
-
Size
649KB
-
Sample
231201-x7e85afe9x
-
MD5
c1739d57a4ecc23b17f8079e2802b883
-
SHA1
19841dad0a31b85448e2cb1945387bbef464dda7
-
SHA256
4d99b46424924201dd08e8fecebbf5b064b37e7fdad8cc968cdfc0e0f0b97ead
-
SHA512
8a04b5181a07b6cde17ae0814f1e451c835bfa655bc85772a929dc57cf1c1352fad700a9b62f9033d6929333a14184d82cbc951636f269a2a67582591e93c4f5
-
SSDEEP
12288:jHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:cJsdsPC9ZHfvihA//bRp9xFeAjWrXe
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Documents.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Shipping Documents.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.iaa-airferight.com - Port:
587 - Username:
[email protected] - Password:
29ftOO+6H-ivsG5A - Email To:
[email protected]
Targets
-
-
Target
Shipping Documents.exe
-
Size
647KB
-
MD5
c4a1c630b0f8185f81caeee3fb378744
-
SHA1
c57c38a18d2a349d621ab059c28f04ce68302d8c
-
SHA256
0b445847b8750637180e5c10be73bbb758082939394c3fd1ee2a2ea08d61e83d
-
SHA512
5470a96ebbb28efcb1959c0ff9a4a30f95f4e825de1fbe63797219465801eff6a2227baf476371c27ad8a52151cbf0060fc943a47626221959e26f01e870c34b
-
SSDEEP
12288:pHoZzsJ5QWsnm8O1OkfZFZllfvih/IpZAEbRCk9TN0IetKjWo7lb2SGopox:KJsdsPC9ZHfvihA//bRp9xFeAjWrXe
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-