General
Target: Your new dhl delivery needs your attention to complete.zip
Size: 654KB
Sample: 220521-lqgj3sbeg7
MD5: 3091b9965de8e026e855cf987070550d
SHA1: a49e51847fb77bebb9c8e2f84f49214d4c790e35
SHA256: 0f2179bdea52208747bcd067addc90ad13120aa936c9bda8c319a51b6d8715d0
SHA512: 6c93ee76140847fbe0196cf83b33211a8537e028db7586fe847574e829ebd28158290d89961c85e58cb9bde7c3d1d572914ef78eb036610c84dcf65bdbed1736
Static task: static1
Behavioral task: behavioral1
Sample: Your new dhl delivery needs your attention to complete.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Your new dhl delivery needs your attention to complete.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument
Targets
Target: Your new dhl delivery needs your attention to complete.exe
Size: 300.0MB
MD5: b41efc1903f715c9de2bc95f2658fec8
SHA1: 9ed3a81ae8a2c32a35b67df0d640cea7e18dfbc2
SHA256: 53cdcdb4a33a697bcc90680e2e9b8e757b1ff04c0ff75acbeb86434d0aef6670
SHA512: 63680e9bc9bd1c65bd8507a44cf54cc4548728b2a5fbef143b990c026e4f72ef80c2b2b06072d36da5480bfe810384b061001dc6140c968ef4b68468edf410d0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext