General
Target: DHL Airwaybill # 6913321716.exe
Size: 611KB
Sample: 211025-gyrmssffe8
MD5: b692c60b997154b1d56db1bc1a6b68c2
SHA1: f085820aa4f392a35931b392e22ebb05b7c28b44
SHA256: 92a54d01528b664cd0af7bfd45966727cca957c60a53a7fc63d4959fce9fe95d
SHA512: 37117ca4333ff42a5e1916b57125b09896fb37c06e68ab4a2e531f2e1ecf20568a2d86108d29c0f548e7b5627889b73b6fb1e141590e4c8f8a3218265215cc2f
Static task: static1
Behavioral task: behavioral1
Sample: DHL Airwaybill # 6913321716.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: DHL Airwaybill # 6913321716.exe
Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.jatc0fs.com
Port: 587
Username: [email protected]
Password: MJ(gkEj9
Targets
Target: DHL Airwaybill # 6913321716.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext