General
- Target: a8c2ccbe6b51094e555fe11b631334150250905d0ee89dfc8aad100be8cc1e98
- Size: 1.2MB
- Sample: 220520-2qengsaggn
- MD5: 16efd5f4875687e4e417cffee34bedc8
- SHA1: 81be5495fdaa950f487a125de6926e7a24194857
- SHA256: a8c2ccbe6b51094e555fe11b631334150250905d0ee89dfc8aad100be8cc1e98
- SHA512: 29bd9a5168ca6b34e96937792544d192d90e95daf5c2b9fd0a5ff2654ced5a5b27b0f630f609fcca5235d5baafaedf771c51b90c0713969f98b2ad5f706ba437
Static task: static1
Behavioral task: behavioral1
- Sample: DHL.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mail.ru
- Port: 587
- Username: [email protected]
- Password: donttryme005
Targets
- Target: DHL.EXE
- Size: 711KB
- MD5: 711997ec37954514a8ce09446a0750a7
- SHA1: d7ce953eef214f02d03df4eafa8c73416268ad50
- SHA256: f70cd1568d92c035119e5bb9e8bf1ada495ba6f31c6d042ac1d98ac3060d59a1
- SHA512: 573a49538e0a64b3d5df1c3ef2a016952102b6c662bb6be25e650e57bf80c0a535f667cbe827a580e9502b36543963df3fccfc64dd958fd824548b898b7ef6f9
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext