General
Target: VESSEL PARTICULARS - NYK LINE.doc.exe
Size: 384KB
Sample: 210928-lycwvsbea4
MD5: 93445df2c96362810e0395c5c867700e
SHA1: 645f936406b04fbfb737bbffb5678d5255c6ec34
SHA256: ecb4fe719a7fc1365d70ec9db8b3c74cb4bf8968324c25d3817fcc5628fae6fa
SHA512: bfcfc7c220963f8269537b737d71251dfe3a9f6a800e7d65e3a1fd449a4f3f9e12c7f20207543009f8655a4fdfa672a11173de27e682478da4f15a0875f3bae8
Static task: static1
Behavioral task: behavioral1 (Sample: VESSEL PARTICULARS - NYK LINE.doc.exe; Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: VESSEL PARTICULARS - NYK LINE.doc.exe; Resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.boydsteamships.com
Port: 587
Username: csanchez@boydsteamships.com
Password: co*tNjEBt4
Targets
Target: VESSEL PARTICULARS - NYK LINE.doc.exe
Size: 384KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext