General
Target: Dhl Document.exe
Size: 712KB
Sample: 211202-tx4besadfn
MD5: d57a8c6be775cfda05331c6eade17990
SHA1: 355ef1430b4d4a13f3e052c5a90d753f2b3aa217
SHA256: 755a275609bd07b357f67e004658587babe3dcbf96803542fa31a0aa7c46ca2c
SHA512: 4ec61523f4436d198fc4e45f528215d9d61084736aa2e98d081c4b5bc705f78edfa905cd9cd166318c752a8310ab5b1bf4cf8ef63a207240305995654aa6b594
Static task: static1
Behavioral task: behavioral1
  Sample: Dhl Document.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Dhl Document.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.4plqroup.com
Port: 587
Username: vicalee@4plqroup.com
Password: onvavLf8
Targets
Target: Dhl Document.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext