General
- Target: FedEx_AWB#885021012746.rar
- Size: 607KB
- Sample: 231206-s9d2maea9z
- MD5: afa5b9ce07953f0e636f0c89aea4efa2
- SHA1: 091ec45d3c706cd97ae2bc72b1252a7f86cbe020
- SHA256: b248924739ea6e09d407f8196468909c9f58c435d1efee8c49c2fb54928abfc5
- SHA512: 9782c73113cbb2c3f3985204f389423360c05985772cb5aafa961cbcdbc5be87bf82baa6beea3eb8e155e2ad926d590748ec371a4298e56c776e78ec2e0ba082
- SSDEEP: 12288:upmXxfrAdYrE+SV4vKS2smrZDeOcSc32c1ctI2rYIWSOxYOHCWmjCRpKYRK23:uikYrpKS0rTc3g/8IvOxYeCWFRHRK23
Static task: static1
Behavioral task: behavioral1
- Sample: FedEx_AWB#885021012746.exe
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: FedEx_AWB#885021012746.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: nl10.nlkoddos.com
- Port: 587
- Username: [email protected]
- Password: k[yH!8Z$AE;d
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: nl10.nlkoddos.com
- Port: 587
- Username: [email protected]
- Password: k[yH!8Z$AE;d
Targets
- Target: FedEx_AWB#885021012746.exe
- Size: 638KB
- MD5: 10477de164af2dd3f724c2ae1a24a98b
- SHA1: 499746a12043721b7e08985087b54ee23f7f8903
- SHA256: 5f010877aa2a19af0395aa9faa351df8d2c13ab68b61063e34edfe17c2d75a0f
- SHA512: 1fb8a8a14f340103b9547ff65896b36f0e25678a25fc99775ceff25da56227fc7553c6f2f54587e28ef274e10f10048b194021494bea5673a764ef8db3215193
- SSDEEP: 12288:6wWQaueH5qUhZXrkvoaY2CCuRnfyyc2oSSJRF5vnmlGNvuHk1Ctd37Duhy:6w6qUhEoTRVRfncHSqFJgGNPoz
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext