General
Target
3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39
Size
365KB
Sample
220521-pxycysbddq
MD5
d141b9a85cc5e2bfbb5ee251fca97dc7
SHA1
121e499e586fa793ca6d8ee2fff42ff4df9009cc
SHA256
3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39
SHA512
80dac691d80a310b37c94fc031e9ef3657a287988eb4c37afe8d45955bbde492fa52259ffa40181772b33a8f1284202d11bef92f2f5482e04f2ee13a2e2e9737
Static task
static1
Behavioral task
behavioral1
Sample
AWB DHL 6357297368.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
AWB DHL 6357297368.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019
Targets
Target
AWB DHL 6357297368.exe
Size
401KB
MD5
1221300c3d055641e3067c1699aa20e3
SHA1
736fb0ca19750112c72dfb189b4dc0539303f45e
SHA256
addb2e3a02342b031f2313bfc910927b94904faed320fc4b52e4b8fec77d622b
SHA512
7a4a365cc87d5d8acc68cceced203b48c2c63190e335294601e0c905fffc44ebc214aff2eb77cc352eafbb8c96fd000d9eed684746b7271560cda162ff935903
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext