General
- Target: Dhl Document 7348255141.exe
- Size: 541KB
- Sample: 211202-rrwnaacgc7
- MD5: 7fc06b21db75238cf0245b5264986778
- SHA1: 07e0398e78aaabaf936843fa764dd75b83c90210
- SHA256: 8dc051198d7b28764d674b92ee567d9a6ba4a15c69d51ed654861b9205546768
- SHA512: f4688bb24686210b2bfa65561542369d08d1421df306e9d308efc10a35950c9d7d5d806ac1c84abd7f98619bc7126dd56b027978b65d410ce1bc7297451b1622
Static task
- static1
Behavioral task
- behavioral1: Sample Dhl Document 7348255141.exe, Resource win7-en-20211014
Behavioral task
- behavioral2: Sample Dhl Document 7348255141.exe, Resource win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.4plqroup.com
- Port: 587
- Username: vicalee@4plqroup.com
- Password: onvavLf8
Targets
- Target: Dhl Document 7348255141.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext