General
Target: a49d00a9871ef796b56370c6773587fd64107d00858df42e65a5b6c96d306d04
Size: 701KB
Sample: 220521-aatc6acgcm
MD5: 80fb5cc08a4106dfee8fa2ebbcefa0ef
SHA1: 3b1125c97861918f546f344a99607eef8d91bcc3
SHA256: a49d00a9871ef796b56370c6773587fd64107d00858df42e65a5b6c96d306d04
SHA512: 6d7796aad58426dfa756b11f65aaaa75d0a0c81fc3d8b8b24c6c31aa491cad6ef220dc4f72f63f0fc048d4dc3c36e9d18a2bad059a55dfbd8c480c55fbe1825f
Static task: static1
Behavioral task: behavioral1
Sample: dhl_doc7348255141.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: dhl_doc7348255141.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.waltartosto.com
Port: 587
Username: [email protected]
Password: pZQhjl!9
Targets
Target: dhl_doc7348255141.exe
Size: 885KB
MD5: 31bbcf0d50b50476c9c7dd8399a8a4ee
SHA1: 4405c5619e9d343f1f5ec995afd7f5e52793d2b6
SHA256: 9c8eb9c9b67abe15ffbe4d7589e59173f56a38a853bdb079362297270fdaf4d2
SHA512: fcf0e96d023678f69e86fc6bf03699fdcd16b37aa75a963ae49655d1b1e8120fe5d49967b739ad4169d65d225b7e460f60e39cef1e042d463af69be70679016b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext