General
-
Target
b0e52d7e74bb3af7ae127e735fb4df7f6db72311d97a4cecc380c9cfad327b4a
-
Size
403KB
-
Sample
220521-n2matahfcl
-
MD5
74feb1c267d6f4654e0b34da6712de7b
-
SHA1
cb10ac7973c0ea7b5e295a927a24b95c3bba7e08
-
SHA256
b0e52d7e74bb3af7ae127e735fb4df7f6db72311d97a4cecc380c9cfad327b4a
-
SHA512
ebda5b132f4357492b9957b31b370bdb70f7f96887e931a8396ada5400685c9a0e2408a012bd03e64f9efc3bb901c62e5a4af5c99b20fa72076942e671561e6a
Static task
static1
Behavioral task
behavioral1
Sample
DHL.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
Extracted
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
Targets
-
-
Target
DHL.exe
-
Size
475KB
-
MD5
6ee50ca2130c2b82000373150dcfb9fe
-
SHA1
23569320d7658419009d7d3c078c8bfcf8596af0
-
SHA256
f84199d9f7c49526677334431b530d77bd580c7fd961c960c2c51a34ce148566
-
SHA512
2ce08906dfdcaa53a5e9a9cf35348f990e26db84541ef1e41c138850a5bba867dbd03ecba55da64a60344dcd0043593d7f36b3fdbcb7dba4481de21855917362
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-