General
- Target: 029a11ba56840baab4347beecd59431e3709b01f9aea85e711fd618b121fa6be
- Size: 3.2MB
- Sample: 220521-pcyg8aaccm
- MD5: 941902d0de6521973649ffbee54c7c18
- SHA1: ef5f511043f80bd3685b7ddede261059451f6e7f
- SHA256: 029a11ba56840baab4347beecd59431e3709b01f9aea85e711fd618b121fa6be
- SHA512: 955b6c6295f46eeab11e6c6c65e79e5da8dcd252e010c48999770db29a1253deb9c1e839965418d29833730a5679320af9d65c1a9e6339ceab997a117946211f
Static task: static1
Behavioral task: behavioral1
- Sample: DHL AWB #7849402748,pdf.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: DHL AWB #7849402748,pdf.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.privateemail.com
- Port: 587
- Username: log@fuzetec-tw.com
- Password: mmm777
Targets
- Target: DHL AWB #7849402748,pdf.exe
- Size: 3.6MB
- MD5: 9e99a4fff1fd05c732ea969f7487021c
- SHA1: f77cd13be30627cf07d5117a55881d93149e8d36
- SHA256: 649dcd10ca137b9ef60a6725714d8b48781b7db63b3802281e5d739dff31d1df
- SHA512: f2cb9f2b80598ac41f0b23a03d895b3eab0e49e9575d7d31c79719cb21905a1107537aa64550b6693dafa4f906ea1bc6ab28270377ceed6c8fb8d06dc1265639
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext