General
Target: DHL Delivery Documents.pdf.exe
Size: 619KB
Sample: 211201-v11kdaheb2
MD5: b25de32c3e31abcfb2b051d2d753e79b
SHA1: b0675fa9794f8bc58183e23f368f04c9fb8f1da5
SHA256: b77b44a682f3bbfeb6bdfeb66fd97bd0796f5fae706661350d767ab585c9d49f
SHA512: 7f8c61d1170067737a240ac069b386cac64fff86762a866d96ed4820618bedb847e5819bce839deeb750acdb21f9b38546d8c8bc167af48ba4a536aab01c0d65
Static task: static1
Behavioral task: behavioral1
Sample: DHL Delivery Documents.pdf.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: DHL Delivery Documents.pdf.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bhgautopartes.com
Port: 587
Username: [email protected]
Password: icui4cu2@@
Targets
Target: DHL Delivery Documents.pdf.exe
Size: 619KB
MD5: b25de32c3e31abcfb2b051d2d753e79b
SHA1: b0675fa9794f8bc58183e23f368f04c9fb8f1da5
SHA256: b77b44a682f3bbfeb6bdfeb66fd97bd0796f5fae706661350d767ab585c9d49f
SHA512: 7f8c61d1170067737a240ac069b386cac64fff86762a866d96ed4820618bedb847e5819bce839deeb750acdb21f9b38546d8c8bc167af48ba4a536aab01c0d65
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext