General
Target: DHL-AW1258901FE2021_pdf.exe
Size: 741KB
Sample: 210727-7lr3dx1x42
MD5: dbf6a8d2aee3ee5ba2cd2f88e567ebcd
SHA1: 9be4bb39f0c58b83a4f5571c1fb08cd6e2445a4c
SHA256: 5b8456fbfb62922ce7383ffb8e070c0524768a40bda22da415640128baef40b0
SHA512: 901c0da35636ae8a4dc9b71232de31c76565837c33b384461990f6f77fef82fb4f9b51c8023d44ebcda2ff5d928e0da01253f6d606162e2c16c8bb851d409657
Static task: static1
Behavioral task: behavioral1
Sample: DHL-AW1258901FE2021_pdf.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: DHL-AW1258901FE2021_pdf.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtpout.secureserver.net
Port: 587
Username: sales1@ashtavinayaka.com
Password: 123456789
Targets
Target: DHL-AW1258901FE2021_pdf.exe
Size: 741KB
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext