General
Target: 14a8dc48a92695ede4638dbfd725d594da0a0483862311e0249b3c88a69b8b81
Size: 1.2MB
Sample: 220521-pn1rqaffh4
MD5: 2af11fd617811cbdf30a35c8be909138
SHA1: 1d5bfc0fbb607d22af7740383603812e529db721
SHA256: 14a8dc48a92695ede4638dbfd725d594da0a0483862311e0249b3c88a69b8b81
SHA512: acfb7595c9051bdd953c3ec089257fb13082559d950ede75f25087f531d9cf8985cc898bdce7944c3f08d9feaa61cf9e60914dc8a05874857c0a27799fbbdd62
Static task
static1

Behavioral task
behavioral1
Sample: DHL_express_package.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: DHL_express_package.exe
Resource: win10v2004-20220414-en

Behavioral task
behavioral3
Sample: Documents.exe
Resource: win7-20220414-en

Behavioral task
behavioral4
Sample: Documents.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.zoho.com
Port: 587
Username: johnwebb01@zohomail.com
Password: UY$W4+]^+9;)7CF5

Extracted: agenttesla
Protocol: smtp
Host: smtp.zoho.com
Port: 587
Username: johnwebb01@zohomail.com
Password: UY$W4+]^+9;)7CF5
Targets

Target: DHL_express_package.exe
Size: 591KB
MD5: 16c3bb1063950e08cad8d54aafa5dac1
SHA1: e9a9db62e38b2c241ec73cdeb8cb77c17e0188f1
SHA256: c8e57eaa8b0fcdfa8cd3db86591975ed151c5e1751997a94fb0d9dddf62aecba
SHA512: ba2c09252a9d01344256284bae7f01160ad9993845ea0c338113969ff7b3666a76488830d8cafaaa0cb991e8b478bb13c07936dae8c0d308e2969df62a517b2e

Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: Documents.exe
Size: 568KB
MD5: 4c4ff89eb2f8ee2fa067a1d017497021
SHA1: 8d8c62a01d0c3fc189040472ec42aa5171c1c1e4
SHA256: 726e05271ef6a6781ecd7bd9b130e4621734c991160d820f0fdd61186f5fbd55
SHA512: 1d2b6dcace4cba63a4cfab4c197286f132ca05b53b2c39c3b3ee60349514b4a2fac61b6e3cbaa61d784b6c7a6d8edb9e48338320c6c3ee8c75a7b225d67a0d2b

Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext