General
Target: 75f6f20718312c0ff205aa976d495a1e47fb3c7d3ac614320d5045d98ea86e9a
Size: 1.2MB
Sample: 220521-pj7z8sfdg8
MD5: 04449bb8a34f2cb689d31a282c6a62bb
SHA1: 11401d899c0e1cdbf4f4a2fe3aa57f65ebfe673c
SHA256: 75f6f20718312c0ff205aa976d495a1e47fb3c7d3ac614320d5045d98ea86e9a
SHA512: 8c9715c86fc2dd1a462cf388cc69b4c132bd783a7e54d0c6884fd3fdf48944e171b563b439dc6ff4a6623e8a2bad07824d213dc6eb4697112128215045027a43
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_PACK.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: DHL_PACK.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: surelylogs2@yandex.ru
Password: uzoma1989
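The extracted configuration above is the sample's exfiltration channel: an SMTP submission login to smtp.yandex.ru on port 587, which is also the most actionable indicator in the report. The following Python is an added example, not part of the Triage report or of the sample, showing how to turn that block into IOCs and run them over outbound connection logs. The log line format, the hostnames and process names in the sample log, and the allow-list of legitimate mail clients are all constructed for illustration.

```python
import re

# Config copied from the report's "Malware Config / Extracted" block.
EXTRACTED_CONFIG = """\
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: surelylogs2@yandex.ru
Password: uzoma1989
"""

# Assumed allow-list: processes expected to speak SMTP submission (587).
EXPECTED_SMTP_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Assumed log format: one outbound connection per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>[^:\s]+):(?P<port>\d+)$"
)


def parse_config(text):
    """Parse 'Key: value' lines of an extracted AgentTesla config."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    if cfg.get("protocol") != "smtp":
        raise ValueError("this example only handles the SMTP variant")
    cfg["port"] = int(cfg["port"])
    return cfg


def build_iocs(cfg):
    """Network and account indicators worth hunting for across a fleet.
    The mailbox doubles as sender and recipient in the usual AgentTesla
    SMTP setup, so the account name is a usable mail-log IOC on its own."""
    return {
        "c2_host": cfg["host"].lower(),
        "c2_port": cfg["port"],
        "exfil_account": cfg["username"].lower(),
    }


def detect(log_lines, iocs):
    """Flag every connection to the C2 host:port. A process that is not a
    known mail client is high severity; a real mail client talking to the
    same server may simply be a Yandex user, so it is reported as medium
    rather than dropped."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line, skip rather than crash the sweep
        if m["dst"].lower() != iocs["c2_host"] or int(m["port"]) != iocs["c2_port"]:
            continue
        severity = "medium" if m["proc"].lower() in EXPECTED_SMTP_CLIENTS else "high"
        hits.append({"ts": m["ts"], "host": m["host"],
                     "proc": m["proc"], "severity": severity})
    return hits


# Constructed log lines, not taken from the report.
SAMPLE_LOG = [
    "2022-05-21T10:01:02Z host=WS01 proc=vbc.exe dst=smtp.yandex.ru:587",
    "2022-05-21T10:01:09Z host=WS01 proc=outlook.exe dst=smtp.office365.com:587",
    "2022-05-21T10:02:44Z host=WS02 proc=DHL_PACK.exe dst=smtp.yandex.ru:587",
    "2022-05-21T10:03:00Z host=WS03 proc=outlook.exe dst=smtp.yandex.ru:587",
    "not a connection record",
]

if __name__ == "__main__":
    iocs = build_iocs(parse_config(EXTRACTED_CONFIG))
    for hit in detect(SAMPLE_LOG, iocs):
        print(f"[{hit['severity']}] {hit['host']} {hit['proc']} -> "
              f"{iocs['c2_host']}:{iocs['c2_port']} at {hit['ts']}")
```

The credentials in the config are the attacker's, not a victim's; the useful response is to block the host and report the mailbox to the provider, not to log in to it.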
Targets
Target: DHL_PACK.EXE
Size: 393KB
MD5: 30f866d96f91763ce18e90684b8fc9df
SHA1: cf78a4e3ca271270e3063afe251b9130b1e097c2
SHA256: 9054664b281021c3f1b59d7672f3633994256697514d2b810e1607541c553212
SHA512: f7bb9923f5cb125fc8d8b8beecc3571fb13aa6ad4b8d973d4b83a16e451f48de1042f65c806677edce4ad11efb0e0311a9b7868edd82d7ed2b79a52a80e1465e
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic. It harvests credentials and keystrokes and exfiltrates them over channels such as SMTP, which is the variant configured in this sample.
- CoreEntity .NET Packer
  A .NET packer, CoreEntity, that embeds the payload as a Bitmap object and decrypts it at runtime.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
  SetThreadContext is commonly used to redirect the entry point of a suspended process during process hollowing; together with the compiler-launch signature above it points to injection into a legitimate host process.
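The CoreEntity signature above says the payload is stored as a Bitmap object and decrypted later, a common .NET packer trick: the encrypted executable rides in a resource that looks like an image. The following Python is an added example, not CoreEntity's or the sample's code, of how an analyst can carve such a payload out of a 24-bit BMP by hand instead of letting the packer run. The bitmap is built in-line from a constructed stand-in for a PE file, the 4-byte length prefix is assumed framing, and the single-byte XOR is a hypothetical cipher, since the report does not state what CoreEntity actually uses.

```python
import struct

XOR_KEY = 0x5A  # hypothetical key; the report does not name CoreEntity's cipher

# Constructed stand-in for the packed executable: a DOS header whose
# e_lfanew (offset 0x3C) points at a PE signature, then filler. Not a real binary.
FAKE_PE = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
           + b"constructed payload bytes, not a real executable")


def xor_bytes(buf, key=XOR_KEY):
    """Toy symmetric cipher standing in for whatever the packer really uses."""
    return bytes(b ^ key for b in buf)


def pack_into_bmp(payload, width=7, key=XOR_KEY):
    """Encrypt `payload`, prefix it with its length (assumed framing), and
    store the blob as the pixel data of a bottom-up 24-bit BMP, honouring
    the 4-byte row alignment the format requires."""
    blob = struct.pack("<I", len(payload)) + xor_bytes(payload, key)
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3
    height = -(-len(blob) // row_bytes)          # ceiling division
    blob = blob.ljust(height * row_bytes, b"\x00")
    pixel_data = b"".join(
        blob[r * row_bytes:(r + 1) * row_bytes].ljust(stride, b"\x00")
        for r in range(height)
    )
    offset = 14 + 40                              # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_hdr = struct.pack("<2sIHHI", b"BM", offset + len(pixel_data), 0, 0, offset)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                           len(pixel_data), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixel_data


def carve_pixels(bmp):
    """Parse both BMP headers and return the pixel bytes with row padding
    removed. Rows are returned in file order (bottom-up for positive height)."""
    magic, _, _, _, offset = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP")
    _, width, height, _, bpp = struct.unpack_from("<IiiHH", bmp, 14)
    if bpp != 24:
        raise ValueError(f"only 24-bit bitmaps handled, got {bpp}")
    row_bytes = width * 3
    stride = (row_bytes + 3) & ~3
    return b"".join(
        bmp[offset + r * stride: offset + r * stride + row_bytes]
        for r in range(abs(height))
    )


def unpack_payload(bmp, key=XOR_KEY):
    """Carve, decrypt, and check that the result really is a PE image
    before handing it on, so a wrong key fails loudly instead of silently."""
    raw = carve_pixels(bmp)
    (length,) = struct.unpack_from("<I", raw, 0)
    if length > len(raw) - 4:
        raise ValueError("length prefix exceeds pixel data")
    pe = xor_bytes(raw[4:4 + length], key)
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header after decryption: wrong key or framing")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature at e_lfanew")
    return pe


if __name__ == "__main__":
    bmp = pack_into_bmp(FAKE_PE)
    recovered = unpack_payload(bmp)
    print(f"carved {len(recovered)} payload bytes from a {len(bmp)}-byte bitmap")
```

Real packers vary the details (PNG rather than BMP, a key derived from a string, AES rather than XOR), but the shape of the job is the same: locate the image resource, strip the image container, decrypt, and validate the MZ/PE headers before treating the result as the payload.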