General
- Target: DHL SHIPMENT NOTIFICATION 284748395PD.exe
- Size: 478KB
- Sample: 211202-q5bplacda6
- MD5: ad87619820aa1c150c35ef8bdb4a6b09
- SHA1: 169c4b930585e5c4212662d208c7b7f66a692dc1
- SHA256: 394fda858d125629741feb8afcc89b15425f643549097507d28a37338cff57ef
- SHA512: 8fcf068d41beeeac5f7e6b8465ad0ef44a723665e89453fc1ca465a6e535e1be12fc08bf2fcf83db1317042bdae85d6147f02b98b2bc75d53613cee53083f1f9
Static task
- static1
Behavioral task
- behavioral1
  - Sample: DHL SHIPMENT NOTIFICATION 284748395PD.exe
  - Resource: win7-en-20211104
Behavioral task
- behavioral2
  - Sample: DHL SHIPMENT NOTIFICATION 284748395PD.exe
  - Resource: win10-en-20211104
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.aclthyaexports.net
- Port: 587
- Username: firstlogs@aclthyaexports.net
- Password: User@@12345
Targets
- Target: DHL SHIPMENT NOTIFICATION 284748395PD.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext