General
- Target: DHL document.exe
- Size: 1.0MB
- Sample: 210113-63r6btvlya
- MD5: 5c629d2ad3a45250eebc832c568e9ad0
- SHA1: 8b32e938bcd05fb40ec673607a4748b4badbd614
- SHA256: 566554b534a53102dd67fc20bd07ca49241b51616d73619e383e80bdfc4fe08a
- SHA512: 311a877d39f6edab27162139a9ac0517a60284725a8c766d00a81b4d786fa0b59d4c5dd88d6cf873be5b6170d3a2a4ce5c61e30926b3c0a27e20b2abf155c1a4
Static task
- static1
Behavioral task
- behavioral1: Sample DHL document.exe, Resource win7v20201028
Behavioral task
- behavioral2: Sample DHL document.exe, Resource win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dicon.md
- Port: 587
- Username: nado@dicon.md
- Password: Nneoma1234@
Targets
- Target: DHL document.exe
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext