General
-
Target
DHL-3-12-20.ppt
-
Size
308KB
-
Sample
201204-8gygfx3f4n
-
MD5
e1545289a3051a400be31e9e485b7a96
-
SHA1
060222f611579360d83699f58c2b16c202ce0440
-
SHA256
4032b7730b04a326f49c57f9b140b94332f87d5d0bf4c33ebfaee973527f822d
-
SHA512
c37d2d296b52e12e28265406b9b6b7f5944b2bae473f5bd6ede18a5ccff3dc024fa0ea5dfd026e4d3931883cf252c2dd4d67a5bbde1e41b822aa5177974f788e
Static task
static1
Behavioral task
behavioral1
Sample
DHL-3-12-20.ppt
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL-3-12-20.ppt
Resource
win10v20201028
Malware Config
Extracted
agenttesla
http://69.174.99.26/webpanel-ice/inc/a297721577bf46.php
Targets
-
-
Target
DHL-3-12-20.ppt
-
Size
308KB
-
MD5
e1545289a3051a400be31e9e485b7a96
-
SHA1
060222f611579360d83699f58c2b16c202ce0440
-
SHA256
4032b7730b04a326f49c57f9b140b94332f87d5d0bf4c33ebfaee973527f822d
-
SHA512
c37d2d296b52e12e28265406b9b6b7f5944b2bae473f5bd6ede18a5ccff3dc024fa0ea5dfd026e4d3931883cf252c2dd4d67a5bbde1e41b822aa5177974f788e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
AgentTesla Payload
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Drops file in System32 directory
-