General
- Target: be6c1849f568d1736087f004e0fb75dcbc221d4a1a63998419990285bebc48cc
- Size: 1.0MB
- Sample: 220520-3wsyqscebp
- MD5: 3f7c62f6572ed8a81fce2def654d0157
- SHA1: eba96d5a8b64b9f6918498a6124282b915dfc85e
- SHA256: be6c1849f568d1736087f004e0fb75dcbc221d4a1a63998419990285bebc48cc
- SHA512: b92fee509c4ff64da57f407c2fb6c0e94842a802027ecbf83faef0096d37f8986b5a86159c01ad0a699cbb8c4ac84c6bb8c3eab239480aefed95fd0bcf16abe2
Static task: static1
Behavioral task: behavioral1
- Sample: New DHL Invoice 573872845.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: New DHL Invoice 573872845.exe
- Resource: win10v2004-20220414-en
Behavioral task: behavioral3
- Sample: Your new invoice.exe
- Resource: win7-20220414-en
Behavioral task: behavioral4
- Sample: Your new invoice.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.greenhornechem.com
- Port: 587
- Username: [email protected]
- Password: ^fpNyGmQa2
Targets
Target: New DHL Invoice 573872845.exe
- Size: 659KB
- MD5: fac51bfe1db38adb89c57a70c2287dfd
- SHA1: fd2f2552833a13ce23a30c55e04f7f6a052facff
- SHA256: 0ee26158f40d4a860856ff386d263c60e2cfa62fc32624f1b20bcf5995756663
- SHA512: 1eee39bd5bfe69c43874ea9f8912e52b6d9bb8f68a638a3ad4e899078ef6d5d4e4f57c1756477d05bf7142c661cc360718d4c7b0ce9067443a25f42e7b27e37f
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
Target: Your new invoice.exe
- Size: 708KB
- MD5: 02420e23c994fe9b27f459a0e0cb414a
- SHA1: 7e5b848423bc957f12a25907bafeeef7c97c3966
- SHA256: d83429370b6d814b6ff67dd1736424db4e11e39ee745867f09c98f49fae4e1fc
- SHA512: 36f39db5a1e28dcfcdcbc6aa84d5c94be3a475ff95041fe21cf8f32c8d44a54fb2db1fddda322b9b9f85163152a41f905d95f93895455873c770da876430c3e3
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext