General

Target: SHIPPING DOCS.exe
Size: 723KB
Sample: 240515-nh9xrsfc36
MD5: 88be5523b8927cec8ed429249f77a2ec
SHA1: bab24a7676c2a150b9fb2d3200a2ba6b3106cf69
SHA256: d3ee113c39ec074e30b6248bc6362ee4c742214e075538b708384e01bf1e2d97
SHA512: e0a04e1d2fdbdd5d4cf154572b2de33568009eadcfe8655d6b434b62fc57a199df018aa63c89efdc149bcf22c70eb81a9a9b462eec3595224c79f4aa3c3ff1f9
SSDEEP: 12288:fReLAfP7wDdK4o/yMknMQWrC2PYwvDpftEQKeUtAUWU62TkR:J537wDdz7MrW2PhVftyHl8Z
Static task: static1

Behavioral task: behavioral1
Sample: SHIPPING DOCS.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: SHIPPING DOCS.exe
Resource: win10v2004-20240426-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.shaktiinstrumentations.in
Port: 587
Username: [email protected]
Password: Shakti54231!@#$%#@!
Email To: [email protected]
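The extracted config is the most actionable part of this report: the sample exfiltrates over SMTP submission (port 587, normally STARTTLS, so message bodies are not visible on the wire but the DNS lookup and the TCP connection to the host are). The following is an added example, not Triage output and not the malware's own code, that parses the flattened "Key: value - Key: value" text above back into fields, derives network indicators from it, and searches constructed connection records for outbound flows to the exfil host. The flow records and their field layout are assumptions; the page shows the mailbox addresses only as "[email protected]", so only host, port and protocol are usable as indicators.

```python
"""Operationalise the extracted AgentTesla SMTP config as network indicators.

Added example for this sandbox report (not Triage output, not the sample's code).
Flow records below are constructed; a real run would read NetFlow/Zeek conn.log.
"""
import re

# Flattened "Key: value - Key: value" text exactly as the report shows it.
RAW_CONFIG = """Protocol: smtp- Host:
mail.shaktiinstrumentations.in - Port:
587 - Username:
[email protected] - Password:
Shakti54231!@#$%#@! - Email To:
[email protected]"""

CONFIG_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")


def parse_config(raw: str) -> dict:
    """Split the extractor's flattened text back into key/value pairs."""
    flat = " ".join(raw.split())  # collapse the line breaks
    key_alt = "|".join(re.escape(k) for k in CONFIG_KEYS)
    # Each key is preceded by an optional " - " separator and followed by ":".
    parts = re.split(rf"\s*-?\s*({key_alt}):\s*", flat)
    # parts == ['', key1, val1, key2, val2, ...]
    return {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}


def network_iocs(cfg: dict) -> dict:
    """Indicators worth hunting for: exfil host, port and protocol."""
    return {
        "host": cfg["Host"].lower(),
        "port": int(cfg["Port"]),
        "protocol": cfg["Protocol"].lower(),
        # The page's redacted placeholder tells us nothing about the mailbox.
        "mailbox_known": cfg["Email To"] != "[email protected]",
    }


# Constructed connection records (src, dst_name, dst_port, bytes_out); not real traffic.
FLOWS = [
    ("10.0.3.15", "mail.shaktiinstrumentations.in", 587, 18422),
    ("10.0.3.15", "outlook.office365.com", 443, 2210),
    ("10.0.3.22", "MAIL.SHAKTIINSTRUMENTATIONS.IN", 587, 901),
    ("10.0.3.40", "mail.shaktiinstrumentations.in", 443, 300),
]


def match_flows(flows, iocs):
    """Return flows to the exfil host on the configured port (hostnames compared case-insensitively)."""
    return [f for f in flows
            if f[1].lower() == iocs["host"] and f[2] == iocs["port"]]


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    iocs = network_iocs(cfg)
    for src, dst, port, out in match_flows(FLOWS, iocs):
        print(f"[!] possible AgentTesla SMTP exfil {src} -> {dst}:{port} ({out} bytes out)")
```

The host-only match deliberately ignores port 443 traffic to the same name: the config says SMTP on 587, and a web hit to the mail server is more likely an analyst than the stealer. Whether the mailbox is attacker-registered or a compromised legitimate account cannot be determined from the config alone.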
Targets

Target: SHIPPING DOCS.exe
Size: 723KB
MD5: 88be5523b8927cec8ed429249f77a2ec
SHA1: bab24a7676c2a150b9fb2d3200a2ba6b3106cf69
SHA256: d3ee113c39ec074e30b6248bc6362ee4c742214e075538b708384e01bf1e2d97
SHA512: e0a04e1d2fdbdd5d4cf154572b2de33568009eadcfe8655d6b434b62fc57a199df018aa63c89efdc149bcf22c70eb81a9a9b462eec3595224c79f4aa3c3ff1f9
SSDEEP: 12288:fReLAfP7wDdK4o/yMknMQWrC2PYwvDpftEQKeUtAUWU62TkR:J537wDdz7MrW2PhVftyHl8Z
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved browser and mail-client credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or Telegram; this sample is configured for SMTP (see Malware Config).
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the dropped payload is not scanned. The Add-MpPreference cmdlet is the usual means; exclusion changes are also recorded by Defender itself as configuration-change events, which is the place to look for them after the fact.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence: the sample can refuse to run in, or tailor its behaviour to, particular countries.
-
Adds Run key to start application
Writes an autostart entry under a CurrentVersion\Run registry key so the payload is relaunched at logon.
-
Suspicious use of SetThreadContext
Changing the context of a thread in another process is the final step of process hollowing and similar injection: after a payload is written into a suspended child, its thread's entry point is redirected to the payload and the thread is resumed. Legitimate software rarely does this outside of debuggers.
-
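The four behavioural signatures above can be re-derived from ordinary process telemetry, which is how an analyst would turn this report into SIEM or EDR rules. The following is an added example, not Triage's own signature code: a minimal re-implementation over constructed events. The event field names (kind, pid, text, key, value, api, target_pid), the events themselves, and the use of the Control Panel\International\Geo\Nation registry value for the location check are assumptions; the page only says the country code is read from the registry.

```python
"""Re-derive this report's behavioural signatures from raw events.

Added example for this sandbox report, not Triage's signature code. The events
below are constructed to resemble PowerShell script-block logging, registry
telemetry and API-call traces; their field names are assumptions.
"""
import re

# Constructed telemetry for one run of the sample; not taken from the page.
EVENTS = [
    {"kind": "powershell", "pid": 4120,
     "text": "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
             "-ExclusionExtension '.exe' -ExclusionProcess 'SHIPPING DOCS.exe'"},
    {"kind": "powershell", "pid": 4120, "text": "Get-Date"},
    # Assumed location key; the report only says "country code in the registry".
    {"kind": "reg_query", "pid": 4120,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"kind": "reg_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "docs", "data": r"C:\Users\Public\docs.exe"},
    {"kind": "reg_set", "pid": 4120,
     "key": r"HKCU\Software\Example\Settings", "value": "Theme", "data": "dark"},
    {"kind": "api", "pid": 4120, "api": "SetThreadContext", "target_pid": 4388},
    {"kind": "api", "pid": 4120, "api": "SetThreadContext", "target_pid": 4120},
]

# Add-/Set-MpPreference with any of the three exclusion parameters.
MP_EXCLUSION = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE | re.DOTALL)
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)


def defender_exclusion(ev):
    return ev["kind"] == "powershell" and MP_EXCLUSION.search(ev["text"]) is not None


def location_check(ev):
    return (ev["kind"] == "reg_query"
            and GEO_KEY.search(ev["key"]) is not None
            and ev["value"].lower() == "nation")


def run_key_persistence(ev):
    return ev["kind"] == "reg_set" and RUN_KEY.search(ev["key"]) is not None


def remote_thread_context(ev):
    # SetThreadContext on a thread in ANOTHER process is the hollowing tell;
    # on the caller's own threads it is ordinary (debuggers, exception handling).
    return (ev["kind"] == "api" and ev["api"] == "SetThreadContext"
            and ev["target_pid"] != ev["pid"])


SIGNATURES = {
    "Command and Scripting Interpreter: PowerShell (Defender exclusions)": defender_exclusion,
    "Checks computer location settings": location_check,
    "Adds Run key to start application": run_key_persistence,
    "Suspicious use of SetThreadContext": remote_thread_context,
}


def triage(events):
    """Return {signature_name: [matching events]} for every signature that fired."""
    hits = {}
    for name, predicate in SIGNATURES.items():
        matched = [ev for ev in events if predicate(ev)]
        if matched:
            hits[name] = matched
    return hits


if __name__ == "__main__":
    for name, evs in triage(EVENTS).items():
        print(f"[+] {name}: {len(evs)} event(s)")
```

Two caveats a practitioner would add before shipping these as rules: the PowerShell match assumes script-block logging has decoded any -EncodedCommand wrapper, since the regex runs on plaintext; and the SetThreadContext rule only fires when the telemetry records the target process, so it needs API tracing or a kernel ETW source rather than command-line logging.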