General
-
Target
f183afe99d57987a29315da21c77a6d6a96f9bb38871161e3d53a4d21fde0725
-
Size
398KB
-
Sample
220521-cat1ssded6
-
MD5
95db5c324d2b1b652e3ee8d6f4c74a2c
-
SHA1
697565b4d93d83ec1d59319491e436830a82d27f
-
SHA256
f183afe99d57987a29315da21c77a6d6a96f9bb38871161e3d53a4d21fde0725
-
SHA512
07bc27d1aad20948d2b55658a3f1d03d6f0c71b44e3b6760d021eed9ed72266c20d73ecc061574846b247e0e6a04ac1b39136da80aafcfc3dfb6482146b19c61
Static task
static1
Behavioral task
behavioral1
Sample
DHL_overdue account letter.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL_overdue account letter.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
-
-
Target
DHL_overdue account letter.exe
-
Size
458KB
-
MD5
a33dbdecdb343c3ac0c84e514f13d113
-
SHA1
2db5cbc0dda1bc192f1886f259f177a92e2e595e
-
SHA256
c87d0af1b7d984327de7a8e4a46c3d8b2cbfe2c6e74d3c31e158b7d92e42226e
-
SHA512
337a2e944bcd95e5f8e45e10f4f075b30a152df24eb19d69cfef849636f9868a1fe8273e511b1fad805c15aedd0d3ff7444614d54da0e61fd9b2f25141ab9da2
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely as a geofence check.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-