General
Target: SHIPPING DOCUMENTS PDF.exe
Size: 1.4MB
Sample: 200624-qlme7t1zwe
MD5: 602bdb24b5e481f190e84adde05f054f
SHA1: 593e47fc09ac9ea43bccffc9c3880d4b69dd954b
SHA256: 384f36ad8c67b24aab276a4b5c295cc0b2f690ca97d9ba854bce80b8f1e2031d
SHA512: 6dc0a6af9ae2f21ff9ceedc14468b95aee5f0fb2f9dc533aba8198ac7e2210812cbaac269cad07492d7a3f67c95fe3881fa35c39c149d64b49a1e3fc9922ebad
Static task: static1
Behavioral task: behavioral1
Sample: SHIPPING DOCUMENTS PDF.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: SHIPPING DOCUMENTS PDF.exe
Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rajalakshmi.co.in
Port: 587
Username: design1@rajalakshmi.co.in
Password: 009_DESign1*
Targets
Target: SHIPPING DOCUMENTS PDF.exe
Size: 1.4MB
MD5: 602bdb24b5e481f190e84adde05f054f
SHA1: 593e47fc09ac9ea43bccffc9c3880d4b69dd954b
SHA256: 384f36ad8c67b24aab276a4b5c295cc0b2f690ca97d9ba854bce80b8f1e2031d
SHA512: 6dc0a6af9ae2f21ff9ceedc14468b95aee5f0fb2f9dc533aba8198ac7e2210812cbaac269cad07492d7a3f67c95fe3881fa35c39c149d64b49a1e3fc9922ebad
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext