General
- Target: d45ee13d150ef45e1d99e0dfe030c5048012c22790b64e45c54acc5d1103c623
- Size: 458KB
- Sample: 220520-3q83rshdb8
- MD5: 11a684e4558fe9942a6f37d86d9e761a
- SHA1: 8c6cff52bccd41cca984f939f56fb0b047f60c7f
- SHA256: d45ee13d150ef45e1d99e0dfe030c5048012c22790b64e45c54acc5d1103c623
- SHA512: 1df7b9a5230e9cfc89ae549b068a87d2434a491db2632d36ee2b34cb7e7034bb0d3f7f0f86217189309ef2dbdfe255934e348861dca43fc0530f972b9a3eb8a4
Static task: static1
Behavioral task: behavioral1
- Sample: dhl_doc7348255141.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: dhl_doc7348255141.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.waltartosto.com
- Port: 587
- Username: [email protected]
- Password: pZQhjl!9
Targets
- Target: dhl_doc7348255141.exe
- Size: 564KB
- MD5: e739df7351d40a3ca22df1f8690ae392
- SHA1: a3d8efc917bbacf8bbaa5356a46b99546a83486f
- SHA256: e93afd4067150bd662214a18a87f226e8b50729186caf728ef70d71eb4510094
- SHA512: 7f5bb95118bda066c019e06cc1f70f745a576ef84f156a06d0243c7e6809cd1662812c2c80f567fb05a7fd786e73a786aaa08ff9366a4c4764cf8dfbe9733b87
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
-