General
-
Target
Shipping Documents.exe
-
Size
783KB
-
Sample
200731-y7nqcxk97s
-
MD5
e5bde8a869853246fcb3e03f8549745b
-
SHA1
e615e5d128153806519a2d7e500dc3f15a72aaed
-
SHA256
ee262364ef33326ce4d145a1bc920ded3750d2d73596c623962080b58084de1d
-
SHA512
eb646865c32e2882d9ef11f9dd4ccc4c794ffe4e714ecdc7a74d7f738425b0b0e4637a4f5cc9d2a8a5ea1b7ed673eb11656dffcb5e758641b463d5d52ca76536
Static task
static1
Behavioral task
behavioral1
Sample
Shipping Documents.exe
Resource
win7v200722
Behavioral task
behavioral2
Sample
Shipping Documents.exe
Resource
win10v200722
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: gamzyolowo@yandex.com
Password: chikaaka1
Targets
Target
Shipping Documents.exe
Score 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-