General
- Target: DHL Shipment Notification 1953341372.pdf.exe
- Size: 468KB
- Sample: 211203-tdya3abhg6
- MD5: 621452b83a5cdf0a1e03ea6d3c56c595
- SHA1: 0710b1580784a673daeaef5aeb259f05df5aee1e
- SHA256: 8bd946b1e3dc26464602dfc0f7de0b2bb90637f4774213c7dcbea93dcc0e02fd
- SHA512: ce9960e5b0c534186a547341130422e2f6c76983f5d03a0acb88447997c412aa3927c5b2b8725036ad10e393fe1895f2ac0972f35b8b712479d73f2e9f9830ab
Static task
- static1

Behavioral task
- behavioral1
  - Sample: DHL Shipment Notification 1953341372.pdf.exe
  - Resource: win7-en-20211014

Behavioral task
- behavioral2
  - Sample: DHL Shipment Notification 1953341372.pdf.exe
  - Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: negozio@depadova.cf
- Password: graceofgod@amen
Targets
- Target: DHL Shipment Notification 1953341372.pdf.exe
- Size: 468KB
- MD5: 621452b83a5cdf0a1e03ea6d3c56c595
- SHA1: 0710b1580784a673daeaef5aeb259f05df5aee1e
- SHA256: 8bd946b1e3dc26464602dfc0f7de0b2bb90637f4774213c7dcbea93dcc0e02fd
- SHA512: ce9960e5b0c534186a547341130422e2f6c76983f5d03a0acb88447997c412aa3927c5b2b8725036ad10e393fe1895f2ac0972f35b8b712479d73f2e9f9830ab

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext