General
-
Target
SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe
-
Size
1.4MB
-
Sample
200624-8cy4b4kc62
-
MD5
4c44f7cd52dd7f496a3becf1c1de3dca
-
SHA1
dacdf39c0c61a74b8f30d406ab8d7e2575244e19
-
SHA256
301e1fa5855704be7f2c773cb7393098c89fe31b40dc6237420835d1c53a6a64
-
SHA512
33393a0187ae4005f3f4e569dda510b9d6abb89fbfb6da0038a13457fed9e5ef972f6919d15aa765c9ceec583bc9639359dbfc793f5a9c1aa3d7f3e43d518dce
Static task
static1
Behavioral task
behavioral1
Sample
SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe
Resource
win7
Behavioral task
behavioral2
Sample
SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe
Resource
win10v200430
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.rajalakshmi.co.in
Port: 587
Username: projects@rajalakshmi.co.in
Password: 016_PROjects*
Targets
-
-
Target
SHIPPING DOCUMENTS AND EXIT ENTRY NOTE.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-