General
Target: b3c13cb780ecc9d7fefee63e8e683c4952b9f98635ec1dda03f1b6676cd6784b
Size: 282KB
Sample: 220521-nxvrdshdcq
MD5: 5117f3531127fc3865b14fd443e13387
SHA1: 557d28f148c7ed739da2067e82353130d2a6f2e8
SHA256: b3c13cb780ecc9d7fefee63e8e683c4952b9f98635ec1dda03f1b6676cd6784b
SHA512: b506ad165e8c14383d1d281080fa8c5ebabaf275293267efcbad30999d9162847b8cfdf5306e0fdaeb47adba4b30a62052377dae8a8243547e26581032a6697a
Static task: static1
Behavioral task: behavioral1
Sample: DHL 6357297368.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL 6357297368.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019
Targets
Target: DHL 6357297368.exe
Size: 336KB
MD5: 9118f9f8b1d175fb1b630c12d8ac0f80
SHA1: 19de76f7138e1842bb678983bc7230adcd4b84f1
SHA256: bda58e31e45ea822d7b59a1cc4421de12393f9f955a0ba51837040e9ed8547ca
SHA512: cc82d27353511bd3c7d7e8bfad5e00c768deb36bc23eabaabcb6ebcffad2c8044e2ef2677eaea8120fa98ce2270bd70197694e26144812add63adeec7d1a2739
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext