General
Target: fecba050d8a6fe8a2caddb4a560aa7574783d6efcbb49fc6bb64f061d858d5e8
Size: 413KB
Sample: 220520-3g8ewaghd8
MD5: 9a5902e78670ee14b28741061809cb97
SHA1: baa10ab5abd3825cd5f493a9a727a2a50acd5a01
SHA256: fecba050d8a6fe8a2caddb4a560aa7574783d6efcbb49fc6bb64f061d858d5e8
SHA512: b374318055d36e59c746dcbf901b1ad3e96d6898a8831e03b88fd6fe74851b6b7ecd31fec72c8d3b330a11ecb533d85bfd14b0cd9fe2e35f1161d4f3237be43c
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_AWB.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DHL_AWB.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.mosiactex.com
  Port: 587
  Username: [email protected]
  Password: ip(pPiq9
Targets
Target: DHL_AWB.exe
Size: 445KB
MD5: bd19d134f36929541ac967bee7e3e2f0
SHA1: 7269ae1a053a6bea200d81eac61e2fafeb111588
SHA256: 7be323fedb7e61592a97676ff71f8db5f55c98d6dfdfd1845b11ad087e55bc57
SHA512: d0e1bf1dc95e47fbabdbd311b4fee07185f6be6ac1eaf431eec74add5aa9e032668d8c04ecadc0c35bf2cbd376a2d7337af5496a0fbf8aa1d3be768be21eced3

Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext