General
- Target: DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe
- Size: 1.0MB
- Sample: 210408-9rdth6bjtj
- MD5: a2cbfba13ad3bb397d6d445cd0034a3d
- SHA1: 32d6e5d1ab75a72dc1760c89feb83d2342e78f6b
- SHA256: 3097b8c703159cf613aba9c2f42b090a391c060402af0c322b29f26e4bf4c22e
- SHA512: d1e165efe2caff2fd7c3f31d1bafdc5c251d460e49a27666f4964b76dfe355189fdf7830b4cdcf7a6e566266300622f70bd8af3d4c1bd12f87992327550932f8
Static task: static1
Behavioral task: behavioral1
- Sample: DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: sammorris@askoblue.com
- Password: P)RTDOg8
Targets
- Target: DHL_Express_Shipment_Invoice_Confirmation_CBJ190517000131_74700456XXXX.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Suspicious use of SetThreadContext