General
Target
DHL SHIPPING INVOICE DOCUMENTS.PDF.exe
Size
726KB
Sample
210810-p2skxb8zke
MD5
76a85359a3fb6c8352cbb9eab578dee4
SHA1
0ab66092f56fe9d01e50db4df2c506b21ef6ee20
SHA256
da6fffa759a427c9812725656112e73e8612255129cc639a31ba09ad96342877
SHA512
0dd68e010c4457d2b05bbfa407073cd36121ad9b3659c92af3f95fd4375ce6ac86794969f8e7e6831d3d21095a64b2f7019e61766291b4f65148dd83108eaa63
Static task
static1
Behavioral task
behavioral1
Sample
DHL SHIPPING INVOICE DOCUMENTS.PDF.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
DHL SHIPPING INVOICE DOCUMENTS.PDF.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.aninditaeng.net
Port: 587
Username: admin@aninditaeng.net
Password: t2weClGi1f~7Elps
Targets
Target
DHL SHIPPING INVOICE DOCUMENTS.PDF.exe
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext