General
-
Target
DHL-#AWB130501923096.exe
-
Size
291KB
-
Sample
200713-4k9ht46w9x
-
MD5
0f41f481cb49d2e209570b3c0cd35a0a
-
SHA1
5a07b067c82e50d61504f051531e1a0c4e1f144e
-
SHA256
e726b85425a9c7ac3b74d7bb4b7d86079e66f22d27a4ecda2b002b2b7e1db7d7
-
SHA512
2983a7993cee20929aa24a26b62bd7ebb901b589586ce373d4ce09dfc159c9049cdece87f56679ac229fbe7fd5211207b7648b76ed8ebe8bd9c05318aacb7268
Static task
static1
Behavioral task
behavioral1
Sample
DHL-#AWB130501923096.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
DHL-#AWB130501923096.exe
Resource
win10
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.flsrnidth.com - Port:
587 - Username:
[email protected] - Password:
x{Op,7(4O+yl
Targets
-
-
Target
DHL-#AWB130501923096.exe
-
Size
291KB
-
MD5
0f41f481cb49d2e209570b3c0cd35a0a
-
SHA1
5a07b067c82e50d61504f051531e1a0c4e1f144e
-
SHA256
e726b85425a9c7ac3b74d7bb4b7d86079e66f22d27a4ecda2b002b2b7e1db7d7
-
SHA512
2983a7993cee20929aa24a26b62bd7ebb901b589586ce373d4ce09dfc159c9049cdece87f56679ac229fbe7fd5211207b7648b76ed8ebe8bd9c05318aacb7268
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-