General
- Target: DHL0117389200183PDF.exe
- Size: 694KB
- Sample: 200630-2mf39y9gtn
- MD5: 54c61c56674b4454fd32e775f81bd278
- SHA1: a92461392621be1c194df73a1566c32aae0bbd93
- SHA256: 0b28e11377a023f06d0cf8035e3b2146192004b32e1d0079d01a4958b639eb0d
- SHA512: 7a6d9959728a5ff97249fe5a561b54635a740039cac26178c84ee07e0cce86730d1a1583810750574309905454f63915a8164ee70a882627284d22f36af2614d
Static task
- static1

Behavioral task
- behavioral1
- Sample: DHL0117389200183PDF.exe
- Resource: win7

Behavioral task
- behavioral2
- Sample: DHL0117389200183PDF.exe
- Resource: win10v200430
Malware Config

Targets
- Target: DHL0117389200183PDF.exe
- Size: 694KB
- MD5: 54c61c56674b4454fd32e775f81bd278
- SHA1: a92461392621be1c194df73a1566c32aae0bbd93
- SHA256: 0b28e11377a023f06d0cf8035e3b2146192004b32e1d0079d01a4958b639eb0d
- SHA512: 7a6d9959728a5ff97249fe5a561b54635a740039cac26178c84ee07e0cce86730d1a1583810750574309905454f63915a8164ee70a882627284d22f36af2614d
Score: 10/10

Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext