General
-
Target
3d9ff74d7e54cba0ee08a46cb1e7d7f624398ba949aae2a0e35dd23892bf562d
-
Size
404KB
-
Sample
220521-n9d96saafk
-
MD5
7737856fd67a9b5c796fed1f42b651b3
-
SHA1
17f40840376dc513bd7aae5424c737885b11264a
-
SHA256
3d9ff74d7e54cba0ee08a46cb1e7d7f624398ba949aae2a0e35dd23892bf562d
-
SHA512
0b509181c917c67f0b47c634f99d149b3a463fa61d4ad8af8248ae354dd519fb5dd548bd50904043608e82cf0af1e2efe4b3558872c699378663628d659e985f
Static task
static1
Behavioral task
behavioral1
Sample
DHL.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: mrcvr@tronois.com
Password: mmm777
Targets
-
-
Target
DHL.exe
-
Size
475KB
-
MD5
16135ed5d62f8ca7f63ba5a681e9efa7
-
SHA1
7a963aac589f84f446bef0b1758879065e4d3780
-
SHA256
c0c639e1f923a3dd8e88f2ee1b6a397db9f62c5688f6e04181f43f8b950e8914
-
SHA512
d84c7f051d2b696a8b7b83db87c6786375460f4f4463587ba0534f28db54a6cb378a2162c745f45a46caf4a1176028933b642ee628199e119e5e4844fe9c212a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext