General
Target: DHLHAWB 57462839.exe
Size: 539KB
Sample: 210225-n1ygssspc6
MD5: 937409ab4d04460da3a61a8af49940f4
SHA1: 1a41e87a25ae680a94edd0a47c09bb28fa76b661
SHA256: 1fe5c63b01b1faf6d5df0ad3cb8a369b3866ec6cbb6145e7dca11e5a5e49cfd0
SHA512: 583033c8dbd083f90b4036461d0d718f8f45a9bed31f4e449e075a045993421f0d2d4c42f57f92483391405274f388e8154fed044b879caf0aea5a6187410f50
Static task: static1
Behavioral task: behavioral1
  Sample: DHLHAWB 57462839.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: DHLHAWB 57462839.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: VuVW%xY7ceo
Targets
Target: DHLHAWB 57462839.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext