General
Target: c97a4c93e550502baa51694a07a87ff0999288bb5aeeef044ade8c82f864ed9f
Size: 375KB
Sample: 220520-3tk54shed2
MD5: 0774641ca30f4032f101c523d01c3489
SHA1: a2d42fcfd5f9f151cc2e9b26a5b09074e2b7f7b8
SHA256: c97a4c93e550502baa51694a07a87ff0999288bb5aeeef044ade8c82f864ed9f
SHA512: 4770146599650fd36f8e917e21f7be17090f780a65ff69fafd36fee9c52c8a427903cae92972a350bcb91cc6e3c374af5495589c341bd261f9af596b78262cea
Static task: static1
Behavioral task: behavioral1
Sample: [DHL] 7348255142.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: [DHL] 7348255142.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: atk9202
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: atk9202
Targets
Target: [DHL] 7348255142.exe
Size: 542KB
MD5: 0043cc269ef53ad28a4b1339cd3b0aad
SHA1: b39c9581ad34c6733d4a75104fad34dd21147bee
SHA256: 20486793ae98833178cb24180d58511ac0ec100a3c341b7a956b95a13cdd1e72
SHA512: a3c5e7dc1f37a6fa9e9c2d626b6e901b404200d40a07fa941302ac4f5e59bc9a8306119c069c9e8b6de0835b0dbd0c2c958410f468baa28a5f8421bc6a0ef1c1
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the SMTP account in the extracted config above is this sample's exfiltration channel, so the username and password there are attacker-controlled credentials, not victim data.
AgentTesla Payload
Checks computer location settings
Queries the country code configured in the registry (typically under Control Panel\International\Geo), likely a geofence check before the payload runs.
Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, a common AgentTesla source for stored mail account credentials.
Adds Run key to start application
Persistence through a CurrentVersion\Run registry value, so the payload is relaunched at user logon.
Suspicious use of SetThreadContext
Consistent with process hollowing (RunPE): a suspended process is started, the payload is written into it and execution is redirected with SetThreadContext, so the stealer runs under a legitimate-looking image.
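The behaviours above translate directly into host-level hunts. The following is an added example, not part of the sandbox report or of any vendor's tooling: it runs simple correlation over constructed Sysmon-style events (EventID 1 process create, 3 network connection, 13 registry value set) to flag a process that writes a Run key pointing into a user-writable directory and opens SMTP submission (port 587) from a non-mail-client image, weighting a hit that reaches the host from the extracted config. The process IDs, image paths and the persistence value name are assumptions; only the exfiltration host and port come from the page. Note that Sysmon does not log registry reads, so the geofence lookup and the Outlook profile access are not observable this way.

```python
"""Hunt for the report's behaviours in host telemetry (added example)."""
import re
from collections import defaultdict

# Indicators taken from the extracted AgentTesla config on this page.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Images expected to speak SMTP submission; everything else on 587 is suspect.
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Run/RunOnce under either hive, as Sysmon writes TargetObject.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|downloads|programdata)\\", re.IGNORECASE)

# Constructed telemetry for a host that ran the sample (assumed PIDs and paths).
EVENTS = [
    {"EventID": 1, "ProcessId": 4120,
     "Image": r"C:\Users\victim\Downloads\[DHL] 7348255142.exe"},
    {"EventID": 13, "ProcessId": 4120,
     "Image": r"C:\Users\victim\Downloads\[DHL] 7348255142.exe",
     "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"EventID": 3, "ProcessId": 4120,
     "Image": r"C:\Users\victim\Downloads\[DHL] 7348255142.exe",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
    # Legitimate mail client on 587: must not fire.
    {"EventID": 3, "ProcessId": 2210,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    # Unknown binary talking SMTP to an unrelated host: lower severity.
    {"EventID": 3, "ProcessId": 5300,
     "Image": r"C:\Users\victim\AppData\Local\Temp\updater.exe",
     "DestinationHostname": "mail.example.net", "DestinationPort": 587},
]


def image_name(event):
    """Basename of the Image field, lower-cased for comparison."""
    return event.get("Image", "").rsplit("\\", 1)[-1].lower()


def tag_event(event):
    """Return the set of detection tags a single event contributes."""
    tags = set()
    if event["EventID"] == 13 and RUN_KEY_RE.search(event.get("TargetObject", "")):
        # Run value pointing into a user-writable directory: the persistence seen above.
        if USER_WRITABLE_RE.search(event.get("Details", "")):
            tags.add("run_key_persistence")
    elif event["EventID"] == 3 and event.get("DestinationPort") == EXFIL_PORT:
        if image_name(event) not in MAIL_CLIENT_ALLOWLIST:
            tags.add("smtp_from_non_mail_client")
        if event.get("DestinationHostname", "").lower() == EXFIL_HOST:
            tags.add("known_exfil_host")
    return tags


def detect(events):
    """Correlate tags per process and rate each hit.

    Reaching the exfil host from the config, or combining two weak
    indicators (persistence plus SMTP from a non-mail client), is high;
    a single weak indicator is medium. Processes with no tags are omitted.
    """
    per_pid = defaultdict(set)
    for event in events:
        tags = tag_event(event)
        if tags:
            per_pid[event["ProcessId"]] |= tags
    findings = []
    for pid, tags in per_pid.items():
        high = "known_exfil_host" in tags or len(tags) >= 2
        findings.append({"pid": pid, "severity": "high" if high else "medium",
                         "tags": sorted(tags)})
    # High-severity hits first, then by PID for stable output.
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["pid"]))


if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

Against the constructed events, the sample's process is rated high on all three tags, OUTLOOK.EXE produces nothing, and the Temp-resident updater is a medium hit worth a follow-up. In production, the port-587 rule is the noisy one: extend the allowlist from your own baseline rather than widening it ad hoc, and treat a match on the config's host as sufficient on its own.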