General
- Target: 8f56128a9a34cb436de763077bac5bd250cb8ab8596bc71d17d8bd3f8d0e5d9b
- Size: 364KB
- Sample: 220521-affz1sabe4
- MD5: 2ba270e0fb049067606af1cf9ac3583b
- SHA1: c8ee66e95f7dfc192a33ce912ce3a716cb33a532
- SHA256: 8f56128a9a34cb436de763077bac5bd250cb8ab8596bc71d17d8bd3f8d0e5d9b
- SHA512: 87177cc7c6f856492684e24b6694000630510af2bf647ce3a9cf1376f37771794ad218d2a5339def1c0457c02999711f7e606da9de7ad0f4776ed3a162a7964f
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Shipping Document.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL Shipping Document.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.chinagrill.co
- Port: 587
- Username: [email protected]
- Password: SnIVrXH!]f1q
Targets
- Target: DHL Shipping Document.exe
- Size: 549KB
- MD5: b651533ed654a64c4e72d09ea969739e
- SHA1: 01c157b41ab07fe9ea2c67dee25656a87f8e6bb4
- SHA256: d7b503c1065388c0d28b93528745be46f6fc80ba358cad50ae05302785d1834b
- SHA512: aba61c7c988fe174d5f45461c564b7db068e0ec0a74f05e5531aa183139e054d3d03e2ffd4fa52412926876424bcb6de306b9d1121ad73cd75718260b9b5d3a0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext