General

Target: 802cbfbb8e48d99f11166eef12a56a9f.bin
Size: 693KB
Sample: 240329-cvxbnafc5x
MD5: 10be97fa6d3efd5b12fb1e5fa017b720
SHA1: 79e9b0378aaa9135134c8f16f9bed0c53734b053
SHA256: 256d41656aab05890fdbb04ba277714531168e3fd067d12dc8e4e45c26579fc9
SHA512: afccc264765792bae1cdedd8ded2ca973741c6d2e1d820e7567ae91f9a7901d2e30dcfe29344a4fb7567aafc5b6131704b3eda696aa7de66b2617b94c4ca0137
SSDEEP: 12288:2U/b25nvCVyhHSGi0HO3yxbbhfs0DMwr5k/eEDBDWJGrex6Z+3ED89hxVXPMPaN5:FIHO3yxp00K/ZDBDW07M3ED89hx+CNEM
Static task: static1

Behavioral task: behavioral1
Sample: BL-SHIPPING INVOICE.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: BL-SHIPPING INVOICE.exe
Resource: win10v2004-20240226-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: mail.starlinetrading.com
Port: 587
Username: [email protected]
Password: Tmn@#1571963?%
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.starlinetrading.com
Port: 587
Username: [email protected]
Password: Tmn@#1571963?%
Targets

Target: BL-SHIPPING INVOICE.exe
Size: 829KB
MD5: 707b90ec211ff5a1c9292f80fdee0b36
SHA1: 5fa7e481b898e93a2438a9902bbc12b64368191a
SHA256: f1ac86388ffe376b99f91b580e0d31128f385954d790121561717ed6bbb6561b
SHA512: 4da929a2c1d4f7dc48df4989f3d24af42ab4c9bb236864fcdde44ea93f04913b59797e4090cea6c063c0beb2efde6e32b592931924db4fa5cde9377d36981485
SSDEEP: 12288:KsMa2YUjyww0wiQ6lD1vOccAw13MBcveJuGhRa6VmLM3YWAydbfqD6HaK7ec9S:KsMa2Y2jomFWP13ycveAGoM3YW
Score: 10/10

AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic (VB.NET). It harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP, HTTP or Telegram, which is why the extracted config above consists of a mailbox host, port, username and password rather than a C2 URL.

Suspicious use of SetThreadContext: this API rewrites the register state of a (usually suspended) thread so that it resumes at attacker-chosen code, the defining step of process hollowing and related injection techniques. Its appearance here indicates that the dropper is unpacking the payload into another process rather than running it in place, so the Agent Tesla code will not be found on disk in the original executable.
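The indicators in this report are enough for a quick retrohunt: the two SHA256 values identify the dropped files, and the extracted SMTP configuration gives the exfiltration endpoint (mail.starlinetrading.com, port 587). The following script is an added example, not part of the sandbox report; the firewall log format it parses (timestamp, source IP, destination host, destination port, protocol) and the log lines themselves are constructed for illustration, so adapt LOG_RE to the real export before using it.

```python
"""Retrohunt helpers for the Agent Tesla indicators in this report.

Added example, not part of the sandbox report. The log layout below is a
hypothetical firewall export (ts src_ip dst_host dst_port proto); the lines
in SAMPLE_FW_LOG are constructed, not real traffic.
"""
import hashlib
import re
from pathlib import Path

# Indicators taken from the report above.
EXFIL_SMTP_HOST = "mail.starlinetrading.com"
EXFIL_SMTP_PORT = 587
SAMPLE_SHA256 = {
    "256d41656aab05890fdbb04ba277714531168e3fd067d12dc8e4e45c26579fc9",  # 802cbfbb...bin
    "f1ac86388ffe376b99f91b580e0d31128f385954d790121561717ed6bbb6561b",  # BL-SHIPPING INVOICE.exe
}

# Constructed sample log lines. One host reaches the exfil mailbox twice on the
# configured port, another reaches it on port 25 with a differently cased name,
# and one line is malformed and must be skipped rather than crash the scan.
SAMPLE_FW_LOG = """\
2024-03-29T10:01:02Z 10.0.5.17 smtp.office365.com 587 tcp
2024-03-29T10:03:44Z 10.0.5.23 mail.starlinetrading.com 587 tcp
this line is malformed and must be skipped
2024-03-29T10:04:10Z 10.0.5.23 mail.starlinetrading.com 587 tcp
2024-03-29T10:05:00Z 10.0.9.4 MAIL.STARLINETRADING.COM 25 tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+(?P<proto>\S+)$"
)


def find_exfil_connections(log_text, host=EXFIL_SMTP_HOST, port=EXFIL_SMTP_PORT):
    """Return one dict per connection to the exfil mail host.

    Host matching is case-insensitive (DNS names are). Every port to that host
    is reported, since a rebuilt sample may use a different one; the
    port_matches_config flag says whether it is the port from this config.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dst"].lower() != host.lower():
            continue
        dst_port = int(m["port"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "port": dst_port,
            "port_matches_config": dst_port == port,
        })
    return hits


def affected_hosts(log_text):
    """Distinct internal sources that contacted the exfil host, sorted."""
    return sorted({h["src"] for h in find_exfil_connections(log_text)})


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def match_sample_hashes(files):
    """files: mapping of name -> bytes. Returns the names whose SHA256 is a known sample."""
    return sorted(name for name, data in files.items()
                  if sha256_of_bytes(data) in SAMPLE_SHA256)


def scan_directory(root):
    """Hash every regular file under root and return the paths matching a sample.

    Files are hashed in 1 MiB chunks so large downloads need not fit in memory.
    """
    matches = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                h.update(chunk)
        if h.hexdigest() in SAMPLE_SHA256:
            matches.append(str(path))
    return matches


if __name__ == "__main__":
    for hit in find_exfil_connections(SAMPLE_FW_LOG):
        print(hit)
    print("affected hosts:", affected_hosts(SAMPLE_FW_LOG))
```

Hash matching only catches these exact builds; because the dropper hollows another process, the unpacked Agent Tesla payload never has either hash, so the network indicator (any connection to the configured mailbox host) is the more durable of the two.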