General
Target: c3a599ab8360b1bd31e3964b54736ff9bf22321ce3676a0b9b7d053b5bda6c7e
Size: 566KB
Sample: 220521-pfvwhafca4
MD5: a8c488791edc34bec612632258460839
SHA1: e0386e1651dccbf2d63a705ac5a7db6fb73eaee0
SHA256: c3a599ab8360b1bd31e3964b54736ff9bf22321ce3676a0b9b7d053b5bda6c7e
SHA512: 691c384dc8420e9f246bd4c2bd9fbf467ef8a5c495a577733e8ff91872aaa216683669c5172b062b04740230fd8990a860ce8b761a427ca56682377349ed5da1
Static task: static1
Behavioral task: behavioral1
Sample: DHL_Doc003839803.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: DHL_Doc003839803.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.zoho.eu
Port: 587
Username: admin1@haveusearotech.com
Password: admin1ABC223@##!con
Targets
Target: DHL_Doc003839803.exe
Size: 744KB
MD5: ea88f31d6cc55d8f7a9260245988dab6
SHA1: 9e725bae655c21772c10f2d64a5831b98f7d93dd
SHA256: 33f77b1bca36469dd734af67950223a7b1babd62a25cb5f0848025f2a68b9447
SHA512: 5952c4540b1ae5f2db48aaae404e89fb477d233d9b67458dd5cecc2edfed711509d2e968e6af2dbb3bd2099c10a4556f7612fc0055df798e99f9850796a832ad
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext