DHL SHIPPING INVOICE DOCUMENTS.doc

Target

Size

1MB

Sample

210122-rkz8fkjvbe

Score

10 ^/10

MD5

8a415789b67c76118e31ca3748f528d0

SHA1

96ff9794cf429dd2bd8c7744622e28df2d6032a0

SHA256

c6b6c3ad94852d0fb8d6cf6d3aa2c4bfd14c627287317a72995a4c59a12d331e

SHA512

c89a719a3a48b61f6db38c8041e61ad83c387daaa280ca1380687c71038d39fe5961c3eb92adad047f826220ab6c95c6d508ee053590187bb4286a7849c8d103

Target

DHL SHIPPING INVOICE DOCUMENTS.doc

MD5

8a415789b67c76118e31ca3748f528d0

Filesize

1MB

Score

5 ^/10

SHA1

96ff9794cf429dd2bd8c7744622e28df2d6032a0

SHA256

c6b6c3ad94852d0fb8d6cf6d3aa2c4bfd14c627287317a72995a4c59a12d331e

SHA512

c89a719a3a48b61f6db38c8041e61ad83c387daaa280ca1380687c71038d39fe5961c3eb92adad047f826220ab6c95c6d508ee053590187bb4286a7849c8d103

Signatures

AgentTesla

Description

Agent Tesla is a remote access tool (RAT) written in visual basic.

Tags

keylogger trojan stealer spyware agenttesla
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Reads data files stored by FTP clients

Description

Tries to access configuration files associated with programs like FileZilla.

Tags

spyware

TTPs

Data from Local System Credentials in Files
Reads user/profile data of local email clients

Description

Email clients store some user data on disk where infostealers will often target it.

Tags

spyware

TTPs

Data from Local System Credentials in Files
Reads user/profile data of web browsers

Description

Infostealers often target stored browser data, which can include saved credentials etc.

Tags

spyware

TTPs

Data from Local System Credentials in Files
Looks up external IP address via web service

Description

Uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates physical storage devices

Description

Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Tags

ransomware

TTPs

System Information Discovery
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Data from Local System

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

Execution

Exploitation for Client Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

agenttesla keylogger ransomware spyware stealer trojan

10^/10

behavioral2

ransomware

5^/10

Tags

Signatures

AgentTesla

Description

Tags

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Looks up external IP address via web service

Description

Enumerates physical storage devices

Description

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2