General
- Target: b00b58a85311cbe71c5f65cf44c5fcf19429b43351317832e03ff0a62b8ed5ad
- Size: 688KB
- Sample: 220520-3zlntshge7
- MD5: aab874db1835b51fb71d2f4195a0e8d2
- SHA1: 41942ca55fec01e19e901f90f264edef4d122cdd
- SHA256: b00b58a85311cbe71c5f65cf44c5fcf19429b43351317832e03ff0a62b8ed5ad
- SHA512: 36e5210ce509545d8fa7189a1010c2cd3d5b64d871b4a695748a3e3bcc8e4b30b4cb279ea839af82dfe5933c5a588193fc7d3a30a0d3d6b6f78a4aee5f343186
Static task: static1
Behavioral task: behavioral1
- Sample: DHL_Delivery Invoice.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL_Delivery Invoice.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.mosiactex.com
- Port: 587
- Username: [email protected]
- Password: ip(pPiq9
Targets
- Target: DHL_Delivery Invoice.exe
- Size: 873KB
- MD5: e4754d3f24f868380403973a52fcb1e7
- SHA1: 9a6f8c9233fc40fe84b054ea611bfb95bdf30f68
- SHA256: e1cb4a0d3813ad837a8a170bdc6674d860d053e4be87562f1808657f57066dd1
- SHA512: a1c2eb7fc7a4c2ed34fb180fb01a4b9a2cea2e297efbcde0fc944ed5a1e9fac55d79a127ce20c28c24380203df7387a13741b1f14d89c7cef6d804075e59c061
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext