General
Target: 2c692439a5a738b952e7be310e3fbf90a3d965b73f8b3c445ea1243d4ad79056
Size: 373KB
Sample: 220521-nfnazsdfb9
MD5: 9559870734e924226ecd7c678c361bb3
SHA1: 5c45f33811bc44102b5aa8e4f49ad90c40c6bbc9
SHA256: 2c692439a5a738b952e7be310e3fbf90a3d965b73f8b3c445ea1243d4ad79056
SHA512: 2ba11e5cafb16c9fc941409dc46f88f00c100b9bf7622d11358de05e20dd1a2d98d6a152eaf580aaabedae9727644e40b0aa0136912c8102b2101e3e515aeecb
Static task: static1
Behavioral task: behavioral1
Sample: DHL-#AWB130501923096.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL-#AWB130501923096.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: faith12AB
Targets
Target: DHL-#AWB130501923096.exe
Size: 533KB
MD5: 6b880b358309ffcf258d03fd9fd1b161
SHA1: 23bdd4f8c6b63b155fb083c782a04fc282d41ae8
SHA256: 3f7417d4b9f49c910340aa5797f17cb9899543411e476aaca96fa314ee4d5397
SHA512: ff50a211344bbd7e34c1b9505bb53451a6766696aa19bb24fda19fb5f9bab905c57c7673380216e846430faf833e4bc22699553807d51fe593a82097e2e89e28
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext