General
Target: ShippingOrder_ GSHS2400052.7z
Size: 65KB
Sample: 240420-ffnmrahf9w
MD5: e8c9c4b2977e55ce7a38b2367a01ad0e
SHA1: c9489cfb5bd92a3f1b8321ac5ece44fb06f08b02
SHA256: aec64a639bd0aedb740d3fde3857f4e3aaa863e2a46a56da759b6aa66e079cc7
SHA512: 018faf8b7ec56fad5c1f51f457b4f30cf850b4129c29c60304b087b18e36a35699ca80871c99ff87dac71b288f4ff80db6d1344d498ff040b5307529d0bdf8ab
SSDEEP: 1536:XhuLIM0SduMwK4k+nxLSjuob5zfpWkQgT1Sup4ShOShwFuFeuQhB7fTL27w:MGSduMwxxKuo/JSbWlhwIFE7fTuw
Static task: static1
Behavioral task: behavioral1
Sample: ShippingOrder_ GSHS2400052.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: mail@iaa-airferight.com
Password: Asaprocky11
Email To: web@iaa-airferight.com
Targets
Target: ShippingOrder_ GSHS2400052.exe
Size: 185KB
MD5: 5a9bf748b2b3431b39e5a8fea6feaa80
SHA1: 08a558eb27295a8e3f70a7a05cf958e2907fd970
SHA256: 3801a5a9dd369ed4fefc953437c2059d00da7b98fabd3ec68262ef48f9718bcf
SHA512: caa42a2ea17c2ca98812478dd5739479be6fee0c243401c08003092749b1848b4090b7470f9f6641219b9696cccfecebfc2497e2d7fc8200fb833a13bbe0e022
SSDEEP: 3072:fcGYpXxZwveS8lH9YYLI42pVWse3Ns6G2FxgiNCJmPG04:EGYpvwveMYpBRFxgvh
- AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic.
- Detect ZGRat V1
- .NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Setting another thread's context is a common step in process hollowing and other code-injection techniques; on its own it is only an indicator, not proof of injection.
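The extracted SMTP configuration and the two file hashes in this report are the indicators a responder would actually hunt with. The script below is an added example, not part of the sandbox report or of any tool it names: it parses the config as listed above, derives host, port and account indicators from it, and runs them together with the SHA256 values over constructed sample telemetry. The log shapes ("ts src dst dport proto", "host path sha256", and a Postfix-like "client= sasl_username=" line) are assumptions chosen for the example, and the sample records are constructed. The password is deliberately left out: the mailbox belongs to the operator (or to a compromised third party), and the right response is to block and report it, not to log in with it.

```python
"""Added example (not from the report): build indicators from the Agent Tesla
SMTP config and file hashes above and hunt for them in constructed telemetry."""
from typing import Dict, List, Set

# Copied from the report's "Malware Config" section; password intentionally omitted.
REPORT_CONFIG = """Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: mail@iaa-airferight.com
Email To: web@iaa-airferight.com"""

# SHA256 of the archive and of the dropped executable, from the report.
REPORT_SHA256: Set[str] = {
    "aec64a639bd0aedb740d3fde3857f4e3aaa863e2a46a56da759b6aa66e079cc7",
    "3801a5a9dd369ed4fefc953437c2059d00da7b98fabd3ec68262ef48f9718bcf",
}


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Key: value' lines into a dict keyed by lower-cased field name."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            cfg[key.strip().lower()] = value.strip()
    return cfg


def build_indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Derive the network and account indicators from the parsed config."""
    accounts = {cfg[k].lower() for k in ("username", "email to") if k in cfg}
    return {"host": cfg["host"].lower(), "port": int(cfg["port"]), "accounts": accounts}


# Constructed sample records in a hypothetical "ts src dst dport proto" shape.
SAMPLE_CONN_LOG: List[str] = [
    "2024-04-20T10:01:02Z 10.0.0.15 mail.iaa-airferight.com 587 tcp",
    "2024-04-20T10:01:05Z 10.0.0.15 MAIL.IAA-AIRFERIGHT.COM 25 tcp",
    "2024-04-20T10:02:11Z 10.0.0.22 smtp.example.invalid 587 tcp",
    "malformed line",
]

# Constructed sample file events in a hypothetical "host path sha256" shape.
# The sample's filename contains a space, so the path cannot be split naively.
SAMPLE_FILE_EVENTS: List[str] = [
    "WS01 C:\\Users\\a\\Downloads\\ShippingOrder_ GSHS2400052.7z aec64a639bd0aedb740d3fde3857f4e3aaa863e2a46a56da759b6aa66e079cc7",
    "WS01 C:\\Users\\a\\AppData\\Local\\Temp\\ShippingOrder_ GSHS2400052.exe 3801a5a9dd369ed4fefc953437c2059d00da7b98fabd3ec68262ef48f9718bcf",
    "WS02 C:\\Windows\\System32\\notepad.exe 0000000000000000000000000000000000000000000000000000000000000000",
]

# Constructed sample SMTP-gateway lines (hypothetical Postfix-like shape), for
# environments where outbound SMTP is forced through an authenticating relay.
SAMPLE_SMTP_LOG: List[str] = [
    "2024-04-20T10:01:03Z client=10.0.0.15 sasl_method=LOGIN sasl_username=mail@iaa-airferight.com",
    "2024-04-20T10:03:00Z client=10.0.0.30 sasl_method=LOGIN sasl_username=alice@example.invalid",
]


def hunt_connections(lines: List[str], ioc: Dict[str, object]) -> List[Dict[str, str]]:
    """Flag connections to the exfiltration host; host+port is high confidence,
    the host alone on another port is reported at medium confidence."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed records instead of aborting the hunt
        ts, src, dst, dport, _proto = parts[:5]
        if dst.lower() != ioc["host"]:
            continue
        high = dport.isdigit() and int(dport) == ioc["port"]
        hits.append({"ts": ts, "src": src, "dst": dst, "dport": dport,
                     "confidence": "high" if high else "medium"})
    return hits


def hunt_files(lines: List[str], hashes: Set[str]) -> List[Dict[str, str]]:
    """Match file events by SHA256, taking the hash from the last field so that
    paths containing spaces (as this sample's name does) are handled."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        host, sha = parts[0], parts[-1].lower()
        if sha in hashes:
            hits.append({"host": host, "path": " ".join(parts[1:-1]), "sha256": sha})
    return hits


def hunt_smtp_auth(lines: List[str], accounts: Set[str]) -> List[Dict[str, str]]:
    """Flag SMTP AUTH attempts that use the operator's mailbox from the config."""
    hits = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
        user = fields.get("sasl_username", "").lower()
        if user in accounts:
            hits.append({"ts": line.split()[0], "client": fields.get("client", ""), "user": user})
    return hits


def run_hunt() -> Dict[str, list]:
    ioc = build_indicators(parse_config(REPORT_CONFIG))
    return {
        "connections": hunt_connections(SAMPLE_CONN_LOG, ioc),
        "files": hunt_files(SAMPLE_FILE_EVENTS, REPORT_SHA256),
        "smtp_auth": hunt_smtp_auth(SAMPLE_SMTP_LOG, ioc["accounts"]),
    }


if __name__ == "__main__":
    for kind, hits in run_hunt().items():
        for hit in hits:
            print(kind, hit)
```

Host matching is case-insensitive and the port is checked separately because Agent Tesla builds with a changed port, or a second build reusing the same mailbox, would otherwise slip past a rigid host:port string match. Hash matching is exact and therefore only catches these two files; for variants, the SSDEEP values in the report are the better pivot.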