General
-
Target
39320ab74fe3f6fa6ec7fc0c8bcf4b089bf763dde01c93caa5edeab6dbb4db28
-
Size
626KB
-
Sample
220521-az3ywseaer
-
MD5
d1a7dac01758a58e4aada8b226674efe
-
SHA1
4753f48d55a44ac26c79450d1e8d8438bcd9ccdf
-
SHA256
39320ab74fe3f6fa6ec7fc0c8bcf4b089bf763dde01c93caa5edeab6dbb4db28
-
SHA512
5ee78cb03a8663d9f4a9c38e86a5704633c85b8f755ade090f15e2981303e858cfe5a2b18114f513fba32fc3881679fa6a5d61614b7f353e41a1edc2dd743b62
Static task
static1
Behavioral task
behavioral1
Sample
DHL_DOCUMENT_PDF.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL_DOCUMENT_PDF.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.dkmmotors.com - Port:
587 - Username:
[email protected] - Password:
H44;UgV5.R(b
Targets
-
-
Target
DHL_DOCUMENT_PDF.exe
-
Size
573KB
-
MD5
312c0bfeb6929a3da423663a3c403c9a
-
SHA1
217594abfa972072384d91f18c9a29095edcf9e7
-
SHA256
2fac92f45be30249eea9927ec6f5587580269c81d73503ce11bb8e3979fe3286
-
SHA512
d5d4b682274514bfe61ee6b18eb732c75174a9fbf7a2f6c71ce50dd575bee01b53414031e608f8df4af3f0c50c2118518f05570f7260a9b8c729e1c6ce07dfc8
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-