General
Target: Air Freight Quote Request - 20240611 (CN).pdf.z
Size: 589KB
Sample: 240619-s5eglaxepk
MD5: 811e58397f2159ba7f3112678f1beaa5
SHA1: 6eb1d690186f5ebf884e2342f067eb2c26716b4f
SHA256: e8d87fc4f28af694d0be9ec6e4b5aeff6566d430e92949522605b65fb002861e
SHA512: 37ac131da0daa671690566aecf124d8a5290d3a8d7f6c07d49fce1d4b8c7ca89fef14ae16bbb068b303ff475aa965d51a8eb978dafb1f44bb99e090d59c7b166
SSDEEP: 12288:ovUh/ZS4tN7o8cKlIbNlIKQIIXLtBIpK0kbmt2kdN9khh/f5ly759fa4u:oM/ZSm7o8cKlsORpBB57bmkoN9kP+75G
Static task: static1
Behavioral task: behavioral1
Sample: Air Freight Quote Request - 20240611 (CN).exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: Air Freight Quote Request - 20240611 (CN).exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: tVNMUR%7
Email To: [email protected]
Targets
Target: Air Freight Quote Request - 20240611 (CN).exe
Size: 1.1MB
MD5: 598d487713ff888cc04868c05c93bb91
SHA1: 9ea60318d47f904185ce94ff672b4f28103e20bc
SHA256: a67c10adfb8b15253fbb8f6caa041927d11b7e9fdcb4e7fb57cc6c195b85a07f
SHA512: 357a3ac84d84d46f30cff3e8133c5fc63eaf3fa3e8e50bea82f92fa361937948f18a093a338be63654468507cc8af8ec9e3e03d39a93a148a22805d5515339da
SSDEEP: 24576:nAHnh+eWsN3skA4RV1Hom2KXMmHaX+BIMrpfC5ZCTrM5:ah+ZkldoPK8YaX+BJr45ZCq
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext