General
Target: 94aa795173bd08d2942cdf65abdde7c4c0d2cd8bb182a3b7d57549998c293971
Size: 475KB
Sample: 220521-ner8jsdeh6
MD5: 1f0f8e85dccfc084c06c86f9c03ac5be
SHA1: 721e933b63f297be732369913a2efb8af6a57973
SHA256: 94aa795173bd08d2942cdf65abdde7c4c0d2cd8bb182a3b7d57549998c293971
SHA512: 2371c53f2e7b1b281872a2fc4997656a600725c4eb679a3f1357572ff9b56ba6170092ec19d57ad4ab863369aa1626a6ff176a642bbc5299ca764470c647b1cf

Static task: static1
Behavioral task: behavioral1
Sample: dhl_doc7348255141.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: dhl_doc7348255141.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.waltartosto.com
Port: 587
Username: e.fasciani@waltartosto.com
Password: pZQhjl!9
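The extracted block above is the sample's exfiltration account: Agent Tesla logs in to that SMTP server with those credentials and mails the stolen data to itself. Port 587 is the SMTP submission port and is normally upgraded with STARTTLS, so on the wire you usually see only the destination host and port, not the message body; the useful detections are therefore "who connected to that host" and "which non-mail process speaks SMTP submission at all". The credentials are the attacker's mailbox: treat them as an indicator and as something to report to the mail provider, not as something to log in with. The following Python is an added example, not part of the sandbox report and not Agent Tesla code; it parses the config block exactly as the report prints it, validates it, and runs two checks over a constructed connection log whose format (timestamp, process image, destination host:port) is assumed and matches no particular sensor.

```python
"""Turn the SMTP configuration extracted from the Agent Tesla sample into
detection checks and run them over connection-log lines.

Added example: not part of the sandbox report and not Agent Tesla code. The
log format (timestamp, process image, destination host:port) is constructed
for illustration and matches no particular sensor.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The "Extracted" block as the report prints it; extraction ran the fields
# together, so the parser splits on the "- Field:" separators.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.waltartosto.com - Port:
587 - Username:
e.fasciani@waltartosto.com - Password:
pZQhjl!9"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")
_ALTS = "|".join(FIELDS)
# Lazy value match, terminated by the next "- Field:" marker or end of text.
FIELD_RE = re.compile(rf"({_ALTS}):\s*(.*?)\s*(?=-\s*(?:{_ALTS}):|\Z)", re.S)
HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(raw: str) -> SmtpExfilConfig:
    """Parse the block and sanity-check values before they become indicators;
    a loud parse error beats a silently wrong IOC."""
    found = dict(FIELD_RE.findall(raw))
    missing = [f for f in FIELDS if f not in found]
    if missing:
        raise ValueError("config block is missing: " + ", ".join(missing))
    port = int(found["Port"])
    if not 0 < port < 65536:
        raise ValueError(f"implausible port {port}")
    if not HOST_RE.match(found["Host"]):
        raise ValueError(f"implausible host {found['Host']!r}")
    return SmtpExfilConfig(found["Protocol"].lower(), found["Host"].lower(),
                           port, found["Username"], found["Password"])


# Processes that legitimately speak SMTP submission; extend for your estate.
KNOWN_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<proc>\S+)\s+->\s+(?P<host>[^:\s]+):(?P<port>\d+)$")


def check_log_line(cfg: SmtpExfilConfig, line: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) if the line matters, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    proc, host, port = m["proc"].lower(), m["host"].lower(), int(m["port"])
    if host == cfg.host:
        # Any contact with the extracted host is a direct IOC hit.
        return ("high", f"{proc} connected to extracted exfil host {cfg.host}:{port}")
    if port == cfg.port and proc not in KNOWN_MAIL_CLIENTS:
        # Weaker, behavioural: SMTP submission from something that is not a mail client.
        return ("medium", f"non-mail-client {proc} used SMTP submission port {port} to {host}")
    return None


def scan(cfg: SmtpExfilConfig, log_text: str) -> List[Tuple[str, str]]:
    return [hit for hit in (check_log_line(cfg, l) for l in log_text.splitlines()) if hit]


# Constructed log (not from the sandbox run): a benign mail client, a benign
# web fetch, the sample reaching the extracted host, and an unexpected
# process using port 587 elsewhere.
SAMPLE_LOG = """\
2022-05-21T10:01:02Z outlook.exe -> smtp.office365.com:587
2022-05-21T10:01:09Z chrome.exe -> www.example.com:443
2022-05-21T10:02:30Z dhl_doc7348255141.exe -> smtp.waltartosto.com:587
2022-05-21T10:02:41Z svchost.exe -> mail.internal.example:587
"""

if __name__ == "__main__":
    config = parse_config(RAW_CONFIG)
    for severity, reason in scan(config, SAMPLE_LOG):
        print(f"[{severity}] {reason}")
```

The host match is the high-confidence rule; the port-587 rule is deliberately weaker because a mail client list is never complete, so it is tuned with KNOWN_MAIL_CLIENTS rather than switched off.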
Targets
Target: dhl_doc7348255141.exe
Size: 587KB
MD5: 4a207bc2faa2b0d6b65ec3679972b1d5
SHA1: 538b2e4d42c7a62fe701802dbfc7644e3ffd8f22
SHA256: e53bcd253a30c4fdfbcfe230fadf4cfafa19dff6c10d461041fa2a405e6f1f8e
SHA512: 1dd6f641c1cd79a277f9df8d888044185f9b6223375655e0814769811a66fe9030ff3cc85dd18765775a9b8e50393a94aeda7433f9ac64e774fc193d058e89fd
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, usually written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, along with keystrokes and clipboard contents, and sends them to an attacker-controlled endpoint over SMTP, FTP or HTTP; the SMTP account in the extracted configuration above is this sample's exfiltration channel.

AgentTesla Payload
Accesses Microsoft Outlook profiles: reads the Outlook profile keys in the registry to recover stored mail-account credentials, which go into the exfiltrated data.
Suspicious use of SetThreadContext: SetThreadContext is also called legitimately by debuggers and exception handling, so the signature only means something in combination. In a process hollowing or injection flow it is the step that points a suspended child process's main thread at the payload written into it before ResumeThread; check the process tree for a suspended child that the sample wrote memory into before treating the hit as injection.
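To show what separates a "suspicious" SetThreadContext from an ordinary one, here is an added example (not part of the sandbox report and not Agent Tesla code) that walks a sandbox-style API trace and reports only the hollowing shape: a child created with CREATE_SUSPENDED, memory written into it, its main thread's context replaced, then the thread resumed. The trace format (one JSON object per call with pid, api and a few arguments), the pids, sizes and the second benign process are all constructed for illustration and match no particular sandbox product.

```python
"""Detect the process-hollowing call sequence behind the
"Suspicious use of SetThreadContext" signature in an API trace.

Added example: not part of the sandbox report and not Agent Tesla code. The
trace format (one JSON object per call), pids, thread ids and sizes are
constructed to resemble a sandbox API log and match no particular product.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Tuple

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed trace: the sample spawns a suspended child, unmaps its image,
# writes a new one, points the main thread at it and resumes. A second,
# unrelated process calls SetThreadContext on its own thread, as a debugger
# or exception handler would; that must not be reported.
TRACE = """\
{"pid": 1001, "api": "CreateProcessW", "image": "dhl_doc7348255141.exe", "flags": 4, "child_pid": 1002, "thread_id": 5001}
{"pid": 1001, "api": "NtUnmapViewOfSection", "target_pid": 1002}
{"pid": 1001, "api": "VirtualAllocEx", "target_pid": 1002, "size": 598016, "protect": 64}
{"pid": 1001, "api": "WriteProcessMemory", "target_pid": 1002, "size": 1024}
{"pid": 1001, "api": "WriteProcessMemory", "target_pid": 1002, "size": 516096}
{"pid": 1001, "api": "SetThreadContext", "target_pid": 1002, "thread_id": 5001}
{"pid": 1001, "api": "ResumeThread", "target_pid": 1002, "thread_id": 5001}
{"pid": 2001, "api": "GetThreadContext", "target_pid": 2001, "thread_id": 6001}
{"pid": 2001, "api": "SetThreadContext", "target_pid": 2001, "thread_id": 6001}
"""


@dataclass
class ChildState:
    """What a parent has done so far to one suspended child it created."""
    image: str
    main_thread: int
    unmapped: bool = False
    bytes_written: int = 0
    context_set: bool = False


def parse_trace(text: str) -> List[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_hollowing(events: List[dict]) -> List[dict]:
    """Report a (parent, child) pair only when the child's main thread gets a
    new context after memory was written into it and is then resumed.
    SetThreadContext on anything else is ignored."""
    children: Dict[Tuple[int, int], ChildState] = {}  # (parent, child) -> state
    alerts: List[dict] = []
    for ev in events:
        api, pid = ev["api"], ev["pid"]
        if api.startswith("CreateProcess") and ev.get("flags", 0) & CREATE_SUSPENDED:
            children[(pid, ev["child_pid"])] = ChildState(ev["image"], ev["thread_id"])
            continue
        st = children.get((pid, ev.get("target_pid")))
        if st is None:
            continue  # target is not a suspended child of this process
        if api == "NtUnmapViewOfSection":
            st.unmapped = True
        elif api == "WriteProcessMemory":
            st.bytes_written += ev.get("size", 0)
        elif api == "SetThreadContext" and ev.get("thread_id") == st.main_thread:
            st.context_set = st.bytes_written > 0
        elif api == "ResumeThread" and ev.get("thread_id") == st.main_thread and st.context_set:
            alerts.append({
                "parent_pid": pid,
                "child_pid": ev["target_pid"],
                "image": st.image,
                "bytes_written": st.bytes_written,
                # Unmapping the original image first is the classic hollowing
                # shape; without it the same calls still indicate injection.
                "confidence": "high" if st.unmapped else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(parse_trace(TRACE)):
        print(json.dumps(alert))
```

The detector keys state on the (parent, child) pair rather than on SetThreadContext alone, which is the same correlation an analyst does by hand: the API call is interesting only because the same process created the target suspended and wrote into it first.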