General
Target: SCAN#DHL-PDF1822.exe
Size: 544KB
Sample: 200709-gt7k55s426
MD5: 96212af51809372d313ce7fb9d650ccd
SHA1: 38a781f245fbc5d4d4962fe69afbf81b0ea1f212
SHA256: 816ba0410d3765fad3ab66a6a1b9656e8c0c84a3387611f491be6ac7bad99ed1
SHA512: 7b2c87d2e22ce284180fa50c9ff35580a1c96f940668452605dc05294ad1d013ff20c87a33b1f5ec63ce9ef011c993a09bf2212bb0bf3351de9bc8fcba8174a0
Static task: static1
Behavioral task: behavioral1
Sample: SCAN#DHL-PDF1822.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: SCAN#DHL-PDF1822.exe
Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ibtbrussel.eu
Port: 587
Username: [email protected]
Password: EZ^W$LB3
Targets
Target: SCAN#DHL-PDF1822.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext