General
Target: Original Shipping Documents.exe
Size: 787KB
Sample: 200731-trbdt68vye
MD5: 24d470040d22bbff52a8388c96ede9c4
SHA1: a58d9c3007c2316676f0ca1c43eb1da94a8d0aff
SHA256: d1acb47d2f3d3f08def6a48de5ee5cd09cae41a8c0ad42553e83c3c36a98bba0
SHA512: d1aacfc74db02e9c382766287531b00846c8c5c965f156a3df711ddfd94bd00c17ff5f315aad959f4ff04c98fc91d31f482d5be10eaf5ca1099433c5af86f860
Static task: static1
Behavioral task: behavioral1
Sample: Original Shipping Documents.exe
Resource: win7
Behavioral task: behavioral2
Sample: Original Shipping Documents.exe
Resource: win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: gamzyolowo@yandex.com
Password: chikaaka1
Targets
Target: Original Shipping Documents.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext