General
Target: DHL.TRACKING.DETAILS.2021.doc
Size: 634KB
Sample: 210421-aan1d9nv9x
MD5: 73c142652fecd5c75b449de09f2e65d4
SHA1: f1039be2cff5fd0c842039fe05271a9a5c7c318c
SHA256: 275e1e4ec6db7cfa0e893baedacfe37903a5133a0cd41d1551f86d51416465f4
SHA512: ce18f9bd8a15de605e54b9853bca69d0d33007ce9aae2c9c8bf987dc31537c5edc65cd96df32d184f8132b9f63fe5cedefff78860f1674a9961e3e3a8c668751
Static task: static1
Behavioral task: behavioral1
Sample: DHL.TRACKING.DETAILS.2021.doc
Resource: win7v20210410
Behavioral task: behavioral2
Sample: DHL.TRACKING.DETAILS.2021.doc
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: web2.changeip.com
Port: 587
Username: matiex4@chrismehat.com
Password: 2*xaR!aKyovu
Targets
Target: DHL.TRACKING.DETAILS.2021.doc
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext