General
Target: DHL Airwaybill # 6913321716.exe
Size: 592KB
Sample: 211025-gzcv2afff2
MD5: 72ddf2d68974711a48dd37f97fc00285
SHA1: c2b674c923b7f5d0f9b95c08a1a0f5d2bf33c43a
SHA256: 0b6a156387340376f9e5fa299a21e414bcd930766e34fe84957a947e2f2cdf3d
SHA512: 624b0def43025d1d4a4a172eeb15dea0df6efb5635bf7862c9156bd10b0e11ad19a46bf07ebfc9ff524c331fe24a0039a5991cc78ccb2f07b496ffa63e9c0de9
Static task: static1
Behavioral task: behavioral1
Sample: DHL Airwaybill # 6913321716.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: DHL Airwaybill # 6913321716.exe
Resource: win10-en-20210920
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.jatc0fs.com
Port: 587
Username: babalee@jatc0fs.com
Password: MJ(gkEj9
Targets
Target: DHL Airwaybill # 6913321716.exe
Size: 592KB
MD5: 72ddf2d68974711a48dd37f97fc00285
SHA1: c2b674c923b7f5d0f9b95c08a1a0f5d2bf33c43a
SHA256: 0b6a156387340376f9e5fa299a21e414bcd930766e34fe84957a947e2f2cdf3d
SHA512: 624b0def43025d1d4a4a172eeb15dea0df6efb5635bf7862c9156bd10b0e11ad19a46bf07ebfc9ff524c331fe24a0039a5991cc78ccb2f07b496ffa63e9c0de9
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext