General
- Target: d035b27186a3d24693b877c51b2eb89e2ff5515058345a8a71679ae070f7ee54
- Size: 676KB
- Sample: 220520-3sea6sccgj
- MD5: 0cbc9ee9e036e24df9344ceec5f83cd8
- SHA1: d0ac41c6ea725f264e72544c9eed8cf0ec156648
- SHA256: d035b27186a3d24693b877c51b2eb89e2ff5515058345a8a71679ae070f7ee54
- SHA512: da138bda2cfcb4c39dbcb9076fed04ef56e834fdf215c0947fd9aee1064fd7fa0f6823e9fef5bf0eba3a496a27b115fb60697fdb7c128e35804fff070bb3ae8e
Static task
- static1

Behavioral task
- behavioral1
- Sample: Parcel Receipt.exe
- Resource: win7-20220414-en

Behavioral task
- behavioral2
- Sample: Parcel Receipt.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: elchapo

Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: elchapo
Targets
- Target: Parcel Receipt.exe
- Size: 614KB
- MD5: 23f2c4ad0f797b678999e6a8124e5adf
- SHA1: f1865c4989493fb3f9401a58f5189cb5b6fbc769
- SHA256: 98870d9c6fd20e8f2737274c3e20cf222b0c82428e77eb470863f10b00c6838c
- SHA512: 02606595b0c746fecac3a40c60f8ac3268f8e46a001ca6896f6f0fb6d89f2e1b1a29aac4b8b8896b84e7e9b7d15bc9173f12e109cf34587ba660d96a407c6f71
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext