General
Target: shipping documents.rar
Size: 684KB
Sample: 240603-gwf4aafd54
MD5: 1c88aa02d39e35a3a3fa7cb817ecfd85
SHA1: fec7dfbacdb79e14e080f513c8cb2298cfab35c1
SHA256: abc1ab2d94c3bf032086a2428825c22ba00b3654c6c6aae9bcc36d9c6050a535
SHA512: a9a17b52d56f21fb6cb2de7fc3f022137224e4c90b1668b187f885b57e8774bedffe4078fc5c511bc78e0703b65e46ea8ca1d57a02f7b71a005a66d2fdc1992d
SSDEEP: 12288:+zMdUngKgdR2on62yTxkCzeiHFAgrik4UI4szNvd3EKd2iTVuZThrZKrgvzal:+AE1gdEoTyTneilruTW4VuVhrEMvzal
Static task: static1
Behavioral task: behavioral1
  Sample: shipping documents.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: shipping documents.exe
  Resource: win10v2004-20240426-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.springandsummer.lk
Port: 587
Username: [email protected]
Password: anu##323
Email To: [email protected]
Targets
Target: shipping documents.exe
Size: 721KB
MD5: 11bdbb99b474b15e0b04e488061e9256
SHA1: db8bcdd61414f1388f455e8b4ce6ae5554ca38f3
SHA256: 05b60524cb82eb522b46db014a5ec190e35d9fd433e7624232b53f142b3ed1a1
SHA512: 558f471c17b3b701e059514002155a4f4d71dbe9159ebc5326f158a7fda241ae6445139899af5db663bd0ee2fcd5c952f7b248a2486be354b32d155ca503ed5f
SSDEEP: 12288:zPO4mPK3Rx2Mewaliv+ilMkLbjfm2HV5gos04pG7PaD3H4lN3179DoDq74nXetkR:i4m02MewWivqkLbjfmQV4077yjH4f3Vu
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Adds Run key to start application

Suspicious use of SetThreadContext