General
- Target: d705db8b864169f89c2544719290c9a768742fe6767e8d436c8be40ce3d998c9
- Size: 1.4MB
- Sample: 220521-nz5dlsedc9
- MD5: 42b30143eef665405eaa86258e78b286
- SHA1: 76b7b630a6085dbc5e6685c34e83ab21645e940f
- SHA256: d705db8b864169f89c2544719290c9a768742fe6767e8d436c8be40ce3d998c9
- SHA512: f431587b57ac4e545f27662b1fee3240410a07862349a0a103f6848c15ca2533a53b94f8fdddc99780351fe731b8527f5432ae5ace406608e87b2112f98ede16
Static task: static1
Behavioral task: behavioral1
- Sample: DHL.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: mailduplicate@yandex.com
- Password: daddyhandsome1234
Targets
- Target: DHL.EXE
- Size: 898KB
- MD5: 195b2371b4a09b2d9c15ad1172eecf6c
- SHA1: f29b535745e31e646baa3d4c11b79e68e5c6c61c
- SHA256: 7cdb6560b9c8d6abd88e0a6a0c836d8fb50bb3c8f786683e44bfc990031072ad
- SHA512: 5ee46369bf4329441d45ea55099ceb37c54ca7acc3caeed3fe2ec22eb1880e6287797cf7a6d5df7c28975403b1d5bc5f799ca29f03928d20187a0823e3e418d8
Signatures
- AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext