General
- Target: Pending DHL Shipment Notification REF 04521.xlsx
- Size: 964KB
- Sample: 210504-k24tj3vsx6
- MD5: 04bc6764f8cdffb64457c5d2a4fb724e
- SHA1: 0f07900befe2912a1539b02bf0897c858da65238
- SHA256: cce20e15d25dff33fc03049e3fdfdf643eb50726e55e8c17994f64aa45bcd29e
- SHA512: 5d6616eb2a6f0fb627f9b1b7b8fdcf6a99c4c3396a68033690cad57129e954b63f2445c40da087d8d7340e1c6310fe43b7bca4ed02043661c3b7de74921e0ed8
Static task: static1
Behavioral task: behavioral1
- Sample: Pending DHL Shipment Notification REF 04521.xlsx
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: Pending DHL Shipment Notification REF 04521.xlsx
- Resource: win10v20210410
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot1620445910:AAF2v81NoINJsu_XXnpGet1YDm-NxnznaIE/sendDocument
Targets
- Target: Pending DHL Shipment Notification REF 04521.xlsx
- Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext