General
-
Target
1b21f060f7dc8b51ad35605b028f65b6bccb8d84aef03fe334224640d8e91fe2
-
Size
456KB
-
Sample
220521-nxsa9secd8
-
MD5
2df9deb48f3cd0dd9fa396beabd167b0
-
SHA1
57dc684217ee349e1ddc83574bc2a579f9427a70
-
SHA256
1b21f060f7dc8b51ad35605b028f65b6bccb8d84aef03fe334224640d8e91fe2
-
SHA512
b096abb9de6ba3884fec6255232820b0ffa37555d9ef8412861bcf570f4db98f58ac1c5a0bcd33bb9b5607475d210ca00c537293becb0ae2a48fff3541fbfdca
Static task
static1
Behavioral task
behavioral1
Sample
Receipt_095882247079Dhl.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Receipt_095882247079Dhl.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
Target
Receipt_095882247079Dhl.exe
-
Size
745KB
-
MD5
6bc2a140c4e6cd0ff72548d0a9f3613a
-
SHA1
4b15c4122c4f761bb827ad2516c25b69d6d165f1
-
SHA256
982d2699709d7a024a542a4f771a544cf987ce8d8f15cfa3dcefca157b251e3e
-
SHA512
eb8e15edf7a7d476e4ee37dd92b304c1073f1081076a1503b0c2e386aa08d252a99832954507a8dc480fdcebfa3cda2b362567be9552ec8678f5a04fe2332c2d
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext