General
Target: RERESHIPPING DOCUMENTS.exe
Size: 1.4MB
Sample: 200624-mtge14zvyj
MD5: 4b84df939fc77afc1ea99bbe2c78ba71
SHA1: cead340d7a594ab1384888fe6232f4797b973a41
SHA256: cd77bc5bc1a62f613db72dca020f3fb093577ae47eb74917baba6a69f1a07389
SHA512: acfbc642c290e297e543aa99b935fa9f8f3e49ce45d3b43f6edf6fe0b68baaea13484c7c82cbf73a0ab0f4ef0913b012e0c6b684a5e4cf462dac50b16e479a97
Static task: static1
Behavioral task: behavioral1
Sample: RERESHIPPING DOCUMENTS.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: RERESHIPPING DOCUMENTS.exe
Resource: win10v200430
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.deepakengineers.co.in
Port: 587
Username: info@deepakengineers.co.in
Password: rubina@@123*
Targets
Target: RERESHIPPING DOCUMENTS.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext