General
Target: Scan_10_2_2021 DHL#SHIPMENT_PENDING.exe
Size: 467KB
Sample: 211020-nnapvshhcn
MD5: a97d9178b7be9d26a92cfe89ea38d5be
SHA1: b53938993454161313acc4e34871f52c6f6bac1a
SHA256: 92702ac48ce79bc2c5c3412c4e0220e760bdf247390e27c4912481617cf5b3ef
SHA512: 4f3748079e921c1f153b9d664303134d4bdbfe52a98dd7e4dbac58634c314484bd32fa5f4412115ce70a83fb16b504d20fde14405c51bccddb68fbd780935557
Static task: static1
Behavioral task: behavioral1
Sample: Scan_10_2_2021 DHL#SHIPMENT_PENDING.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Scan_10_2_2021 DHL#SHIPMENT_PENDING.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.sunyimpex.com/
Port: 21
Username: [email protected]
Password: BZl@Xw{D(HQm
Targets
Target: Scan_10_2_2021 DHL#SHIPMENT_PENDING.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext