General
Target: shipment documents _TRO2403069.exe
Size: 738KB
Sample: 240403-p7x5yadd7y
MD5: 10addbb346b59ee9f910be60bbeeb3c3
SHA1: 85cb029996fa94934fd6fdf9ef3976c46282e6af
SHA256: d3294fea72213eb1ea0db5b189c49d9dbb130a680931de340364bed3952913bd
SHA512: 4766f750ae26a2deadbf176dac2529104a761d473675ca8a3dd3682d87c5718771eb427f44847a1936b51372411b9ed9b172517314df3b4d9cea7e89477f7f23
SSDEEP: 12288:H0h0YOwqOXUDY2qWWzrX/Siz9qYT8BOv5BnSATN28DxFrsCzaQGNY1XgURF:HMO72qYVDzrai5m857I2mCzQ
Static task: static1
Behavioral task: behavioral1
Sample: shipment documents _TRO2403069.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: shipment documents _TRO2403069.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: pro51.emailserver.vn
Port: 587
Username: [email protected]
Password: O{AG(tbFk2.Y
Email To: [email protected]
Targets
Target: shipment documents _TRO2403069.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext