General
-
Target
c88315e2b28cc1c1f2524c161c5b28ee5d88a8d337e630fbfa565fd29135a8e6
-
Size
691KB
-
Sample
220521-n9f4rsaafm
-
MD5
a4f6c7e7dfaf5d777b1d8fca61a33f09
-
SHA1
e918948fd4e331d71b7294af91644045c735f4e3
-
SHA256
c88315e2b28cc1c1f2524c161c5b28ee5d88a8d337e630fbfa565fd29135a8e6
-
SHA512
7ae1cdac6089496682cb6200c526fa94ee73afe3776bfde812ce5e0b75074bad51beeae26d1ff749a955d39570e79472c937063d0d0bcd712352dd874171281a
Static task
static1
Behavioral task
behavioral1
Sample
DHL_AWB_doc_9882900_1010840355_10108.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
DHL_AWB_doc_9882900_1010840355_10108.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.tpts4seed.net
Port: 587
Username: originality@tpts4seed.net
Password: krested123
Targets
-
-
Target
DHL_AWB_doc_9882900_1010840355_10108.exe
-
Size
851KB
-
MD5
5b556cdfbc8f5564138af8bf10548657
-
SHA1
92e61454e8141e7486644bed26d1d97481bf5437
-
SHA256
c23108d7feb57c5b03d979f0d22dff7c6040d2e27f288e4e2812cb428ca24c2e
-
SHA512
9b7329f8821de11ceaf3d40496cb1957f30f6e0f8c2c7da6c7805b7555e42bfe88a66651b6a797e141313f3623d6962ad65b22e549702c939b94a164c9ab1530
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-