General
-
Target
Dhl Client Invoice.exe
-
Size
902KB
-
Sample
210112-tg2aapeh3j
-
MD5
2d07c344248e3ddb329ef4d2957a8705
-
SHA1
f99d75f20f4c8110bc853aae947eec89d4125079
-
SHA256
75f0e66421a925ed82948674eae51f4f89ee6a2e401554a9b5a2e4a902f56a59
-
SHA512
be121b0b4e0338465738914e74e74c246b3fe5ca0fc3963576eb480a94f8bb46b45f98ec38bcc2bb53e90c4d81bd29704a2095f1a4df2873eda464647c5cc5ae
Static task
static1
Behavioral task
behavioral1
Sample
Dhl Client Invoice.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Dhl Client Invoice.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1523833607:AAEjzwfzgdTBuMJRqHOjQum2L9cmZqxqNvM/sendDocument
Targets
-
-
Target
Dhl Client Invoice.exe
-
Size
902KB
-
MD5
2d07c344248e3ddb329ef4d2957a8705
-
SHA1
f99d75f20f4c8110bc853aae947eec89d4125079
-
SHA256
75f0e66421a925ed82948674eae51f4f89ee6a2e401554a9b5a2e4a902f56a59
-
SHA512
be121b0b4e0338465738914e74e74c246b3fe5ca0fc3963576eb480a94f8bb46b45f98ec38bcc2bb53e90c4d81bd29704a2095f1a4df2873eda464647c5cc5ae
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-