General
- Target: 0ae65b19fe6b5d501853314fc933ca799820ddb458bb4264ec1e462c741dc1ae
- Size: 272KB
- Sample: 220521-bypkjsfgdl
- MD5: 525858682f510e497eb88d398c45083b
- SHA1: 86336f536bd86727ce793d9444532d0b633b8a64
- SHA256: 0ae65b19fe6b5d501853314fc933ca799820ddb458bb4264ec1e462c741dc1ae
- SHA512: 9cf55b753bd2a65d5572c5d3a7490110f044bea5e2c403c36bf08957fc70038b0256ea8696738bec085aef7d2fe5de924beb62494f91cb3a6e828741bfeb99ba
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Dhl Shipment Bl Pape % Documents.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: Dhl Shipment Bl Pape % Documents.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.gruppoei.tk
- Port: 587
- Username: [email protected]
- Password: fC%ROLz}R,(*
Targets
- Target: Dhl Shipment Bl Pape % Documents.exe
- Size: 661KB
- MD5: d3e448f4a6977cf1ada78b06d98b99d1
- SHA1: a9946cc0334817c714639e533376cf7ff6337aba
- SHA256: fbfa1fd030f6c63104868de7dc73436f4f6c49635b3d25effa4f7423df2349b2
- SHA512: 904fc80f94a683fd37f6d647b7836214cb6684b0cc4511aa1a61b026cc0b846dc1ad107ea896fd8a97489ac22671c07f59817a1938a473173b925001de921fa2
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext