General
-
Target
DHL DELIVERY DOCUMENT.exe
-
Size
732KB
-
Sample
211023-f7pzwscbb7
-
MD5
a686c00744d975ed8775855e3885eff4
-
SHA1
8e10da37654b53a3ccfa5fbec2c0f445e553c6bf
-
SHA256
24282f64129f9eb662558f7e0c401065a699701d88ad717000d8fca8bbeba2af
-
SHA512
2c1baa0309fa346bc830ee052353b8a14bc8b6d931460a0cb48a502d2f2588ed674bdf4574863c00060503b5fe51b36109e15463c1f0d3ddeebf1086d3d6bca9
Static task
static1
Behavioral task
behavioral1
Sample
DHL DELIVERY DOCUMENT.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
DHL DELIVERY DOCUMENT.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
gregowen12@yandex.ru - Password:
enugu042
Targets
-
-
Target
DHL DELIVERY DOCUMENT.exe
-
Size
732KB
-
MD5
a686c00744d975ed8775855e3885eff4
-
SHA1
8e10da37654b53a3ccfa5fbec2c0f445e553c6bf
-
SHA256
24282f64129f9eb662558f7e0c401065a699701d88ad717000d8fca8bbeba2af
-
SHA512
2c1baa0309fa346bc830ee052353b8a14bc8b6d931460a0cb48a502d2f2588ed674bdf4574863c00060503b5fe51b36109e15463c1f0d3ddeebf1086d3d6bca9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-