General
Target: 9e1297ba1caf91e23ccf9f87ce9ad16f845740ed29b248b19cdbd69e89e72051
Size: 485KB
Sample: 220521-cxawfaefb3
MD5: b0c6dc4ac64fe7b6bdf82f423edc8fb1
SHA1: 515790229365c358e7abccf0bdf9f33038b8e26e
SHA256: 9e1297ba1caf91e23ccf9f87ce9ad16f845740ed29b248b19cdbd69e89e72051
SHA512: b9383663c2f4e698b23298320e9cd7bf7f47170ae7d5e651ad9428f25d02b29cfb4003abe5c2735545c8b34ccec82677c1b791049c3320487763f30f04a281a2
Static task: static1
Behavioral task: behavioral1
Sample: DHL_AWB #1008936572891_pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL_AWB #1008936572891_pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rulmeca.co
Port: 587
Username: [email protected]
Password: jbinkowska@123
Targets
Target: DHL_AWB #1008936572891_pdf.exe
Size: 580KB
MD5: b513067d4f9f767961d0f2bc798e0cf9
SHA1: 5f08038c10344fa9028a5c7c9aab4fd00c73eda5
SHA256: 0bc02b5ed2a298e9b8859eac4c03ca7b0ba2ab7e00a3b8477967428cc5f4d88b
SHA512: 6b8045b902a8e2a0e06ca400c1540a40963413bfb7acb161941d32816b9431c75df9e106345daadd90d247d9fe083db9e8aab20222112338d8beab37a115b8dc
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext