General
- Target: aca668c90184195a053af9c46b7c920733c941dc7986403f9a218bc17af4ecf5
- Size: 390KB
- Sample: 220521-csyfyaedg6
- MD5: be9d1579d142df097f6fc1450c412e04
- SHA1: 5a8953d89464f4778be9e3ed8e45976c3b1f52ed
- SHA256: aca668c90184195a053af9c46b7c920733c941dc7986403f9a218bc17af4ecf5
- SHA512: e96f805da9a220cbc8b8987219141aebeabe9b10d8fc993e5121de505179af6a5dac19e702b07f9180bde17e151122e48103657b37530e22486ee7d9423ac37c
Static task: static1
Behavioral task: behavioral1
- Sample: DHL TRACKING AWB.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL TRACKING AWB.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.microtechlab.in
- Port: 587
- Username: [email protected]
- Password: pune@123
Targets
- Target: DHL TRACKING AWB.exe
- Size: 431KB
- MD5: 04ee28357218fa30d113db9c8d775079
- SHA1: 619d2ce20b1ae15f0fc0c6dd4d6b659271ed71e5
- SHA256: 7ae58eeb4ed1bd534122941fa3bb1c2971a982497566757b7a4b062c2756745d
- SHA512: b7f9826b56e38990a4ca1522487533aeca42a3e205f1ced89d6e46c05b17f1383f8eaf5064bb8aebcb139878ffb97e2eebb3bdbef869bb3cc7e5899e24f140f3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext