General
- Target: rShipmentNotification_pdf.exe
- Size: 1.2MB
- Sample: 240911-zpal2asgnh
- MD5: 7133ab55e31ea1b16b141a561d5c3b27
- SHA1: f08bf25e27b467460a5fecfa421c0555d4c88616
- SHA256: 34686435161bf43bd4c33df68a733b72ac73c24e5cd1d8fa473a7f55c373ab70
- SHA512: 7d54f51c80f3e3ab3a1b86176d22c49241bfa0bd24b2ec81c38ad193c4491cd46dc55aedf410c5ce5b69fc634fb92966ac6dda4353dda146ac43f9072bcb9697
- SSDEEP: 24576:C4lavt0LkLL9IMixoEgea6RyGw86lPCEYq9MmCS:1kwkn9IMHea6RRw8u69aPCS
Static task: static1
Behavioral task: behavioral1
- Sample: rShipmentNotification_pdf.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: rShipmentNotification_pdf.exe
- Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: rShipmentNotification_pdf.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers: malicious access to or copying of a web browser credential store.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext