General
-
Target
638032b93b24d67eaf5f94ad23a85fbdcb73ff5c0a56e354945fe2c0f679c56e
-
Size
498KB
-
Sample
220521-aqgpasdeel
-
MD5
2b53ece6da68d413606557b32bdc7079
-
SHA1
ecdfb0d691d15466a4e532da58724aa819c0f99a
-
SHA256
638032b93b24d67eaf5f94ad23a85fbdcb73ff5c0a56e354945fe2c0f679c56e
-
SHA512
0b9344a1b6d8f64da931ac5fd092d0039e49d005650b56d81ae2cb4ad1c8ab37716876c3af7ce9d3aec7688b0d53e2d1ad14ee177d1359524dd9662abf9c8bec
Static task
static1
Behavioral task
behavioral1
Sample
DHL_23072020_AWB_998227999_INV..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL_23072020_AWB_998227999_INV..exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.wtgriderline.com
Port: 587
Username: [email protected]
Password: T@sz^GL3
Targets
-
-
Target
DHL_23072020_AWB_998227999_INV..exe
-
Size
753KB
-
MD5
0e32ec9e0f671840b3d71e0044960d32
-
SHA1
0733f5c73342f380f6f5b3d1dcbebf0c1af00475
-
SHA256
2449c1f1a898c241fd99ef81dd67ea37db3944708a37a3229f19bf572d7136d8
-
SHA512
f16a828859633c5b40afa0de2087b88c91214c913c1ba7105e2a85fcb2cfebb5cd655b257332b899e028fd73ede35bea0c878caf39ad1b807d238e092c6632bd
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-