General
-
Target
DHL Details.exe
-
Size
961KB
-
Sample
210201-v3btlr131a
-
MD5
4d9268d53a9589f7e25326f8231fa93e
-
SHA1
f65ed64320fd581e95da2f579ae94947708cba53
-
SHA256
2c9d9f9c0f927827d9847b327d2540f7203cb7cb29b82e34f910ac12fa5e765b
-
SHA512
8fa3ab7de4bd8c31f3cee2343034228e7dc9e6293b714fe97549b2ca2e2da0cacd77cb7529ec7a4cf1db983257f3c0bba08a24ac82df05765f400132e0034b07
Static task
static1
Behavioral task
behavioral1
Sample
DHL Details.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DHL Details.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: server126.web-hosting.com
Port: 587
Username: [email protected]
Password: TB@h;x2zl*5c
Targets
-
-
Target
DHL Details.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-