General
- Target: Scan_Order_Specification_DHL.exe
- Size: 582KB
- Sample: 211020-hdhd3ahfel
- MD5: ac6d0bab372285ad89d7c334032fc809
- SHA1: 433c304e4a46852934178f6338ab8a34523b6d0e
- SHA256: 38aeafd284cbe435d1c9c5983ed056c010a6381e7ba180a68ebeba5845760511
- SHA512: ad61335dc9ffe4d9d495def671a5d4d400263bd8258cb3fa311a91e92e6af14e27322562afee70c552d9e3a2187bb9552b3026f6b657c0f8ba114a5a9215ceff
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Scan_Order_Specification_DHL.exe
  - Resource: win7-en-20210920
Behavioral task
- behavioral2
  - Sample: Scan_Order_Specification_DHL.exe
  - Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.symmdentaesthetics.com/
- Port: 21
- Username: [email protected]/
- Password: smartooo@12
Targets
- Target: Scan_Order_Specification_DHL.exe
- Size: 582KB
- MD5: ac6d0bab372285ad89d7c334032fc809
- SHA1: 433c304e4a46852934178f6338ab8a34523b6d0e
- SHA256: 38aeafd284cbe435d1c9c5983ed056c010a6381e7ba180a68ebeba5845760511
- SHA512: ad61335dc9ffe4d9d495def671a5d4d400263bd8258cb3fa311a91e92e6af14e27322562afee70c552d9e3a2187bb9552b3026f6b657c0f8ba114a5a9215ceff
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext