General

  • Target

    fecba050d8a6fe8a2caddb4a560aa7574783d6efcbb49fc6bb64f061d858d5e8

  • Size

    413KB

  • Sample

    220520-3g8ewaghd8

  • MD5

    9a5902e78670ee14b28741061809cb97

  • SHA1

    baa10ab5abd3825cd5f493a9a727a2a50acd5a01

  • SHA256

    fecba050d8a6fe8a2caddb4a560aa7574783d6efcbb49fc6bb64f061d858d5e8

  • SHA512

    b374318055d36e59c746dcbf901b1ad3e96d6898a8831e03b88fd6fe74851b6b7ecd31fec72c8d3b330a11ecb533d85bfd14b0cd9fe2e35f1161d4f3237be43c

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.mosiactex.com
  • Port: 587
  • Username: [email protected]
  • Password: ip(pPiq9

Targets

    • Target

      DHL_AWB.exe

    • Size

      445KB

    • MD5

      bd19d134f36929541ac967bee7e3e2f0

    • SHA1

      7269ae1a053a6bea200d81eac61e2fafeb111588

    • SHA256

      7be323fedb7e61592a97676ff71f8db5f55c98d6dfdfd1845b11ad087e55bc57

    • SHA512

      d0e1bf1dc95e47fbabdbd311b4fee07185f6be6ac1eaf431eec74add5aa9e032668d8c04ecadc0c35bf2cbd376a2d7337af5496a0fbf8aa1d3be768be21eced3

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks