General
Target: 114715fd595f921a2f53432580cb26c0701889a261f27898c3adb5fcd3c85d77
Size: 386KB
Sample: 220521-byc7hsfgbq
MD5: 6ba5e9d976725e3312a2179106c693c0
SHA1: 488f9b247485383f15216ef008035f64cd728ed4
SHA256: 114715fd595f921a2f53432580cb26c0701889a261f27898c3adb5fcd3c85d77
SHA512: a1b93937e9632459110de768551aaefb7ceecb849d74921fba6be0de1a1550f1671bb9097e0df8d0fb55bf108f19b34f330660ca1c075999c592498ce3dd2235
Static task: static1
Behavioral task: behavioral1
Sample: DHL Tracer.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL Tracer.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Mummy212
Targets
Target: DHL Tracer.exe
Size: 476KB
MD5: f927ffcebf123c54c24b69a9f9f54d95
SHA1: e41b24b92d2888b300f2b83914b2c2c2a35da5b4
SHA256: 098081d46fdcd470aec4d1e75d2adeb27af1e7cb8c4930ce21e3b1ea781a8df2
SHA512: 088623d18d34cac2d73026756b38ee8d4a4de47084c4db8a8b002010e11e211f8ed4e66bf7498cd3c26731151f1dc91d71182795ac342cba59c67118f595abd7
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext