General
Target: 704815bb3cd207aa80a589a34a00fa60fdd88eea292b81615bd604c9b749629c
Size: 401KB
Sample: 220521-ne7y1aggbm
MD5: 30fe5f28313c20ad3b818b1d55bd8664
SHA1: fbb9f05e41f66f3077f2ab9ec9c35d5156af75e7
SHA256: 704815bb3cd207aa80a589a34a00fa60fdd88eea292b81615bd604c9b749629c
SHA512: 84f249e636492e3ad56b46d2896f0fce950b7196d6df3a217ec901484c7dd7d62005831e71a0b0a6d22e359db7ed53730a72d4bb7f56cec8d0d9ae3df9056bd3
Static task: static1
Behavioral task: behavioral1
Sample: DHL KULI500796821_PO200000035_SCAN DOCS.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL KULI500796821_PO200000035_SCAN DOCS.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: houstondavidson@yandex.com
Password: faith12AB
Targets
Target: DHL KULI500796821_PO200000035_SCAN DOCS.exe
Size: 562KB
MD5: 4744355f6e6c12a57c90eff4fce7b3e2
SHA1: 00a74c07b570b677a8f2a836dcb6b114f5c0b053
SHA256: f7528188692c18bb7e9f48e7951fecee4ce70e99e7787e0ea48ea80bc8cc1fe9
SHA512: fb8ca136394d0da730eef83cb1afeceec0c23d549acd8ba608dcd4e743136185aa8049814d881af9694f104e7ba79acc58866b7afdf7145fc0df23cc289c305b
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext