General
- Target: DHL Delivery Invoice.pdf.exe
- Size: 576KB
- Sample: 211202-ktb84agfg5
- MD5: 1c8452d15051907d3bc10de6ae00220f
- SHA1: 22f840194dd125a4f416c9cf4f2daff13b0fcfc7
- SHA256: 264b1ca9df86f0d722b98b6aebc1be86d4c342747b709113a4eca4d68fc0dbdc
- SHA512: ad72f89ea67b42268c5c43e3417bb8f179607743b68ca0f358306f2183a76cebff53153ef811b1f7f583a346af507d0cb9757bcccf64eb5858ed9d473d30d14e
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Delivery Invoice.pdf.exe
- Resource: win7-en-20211014
Behavioral task: behavioral2
- Sample: DHL Delivery Invoice.pdf.exe
- Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: marcellinus360
Targets
- Target: DHL Delivery Invoice.pdf.exe
- Size: 576KB
- MD5: 1c8452d15051907d3bc10de6ae00220f
- SHA1: 22f840194dd125a4f416c9cf4f2daff13b0fcfc7
- SHA256: 264b1ca9df86f0d722b98b6aebc1be86d4c342747b709113a4eca4d68fc0dbdc
- SHA512: ad72f89ea67b42268c5c43e3417bb8f179607743b68ca0f358306f2183a76cebff53153ef811b1f7f583a346af507d0cb9757bcccf64eb5858ed9d473d30d14e
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext