General
-
Target
DHL ATH0000387614.rar
-
Size
625KB
-
Sample
220923-h8cgashdgp
-
MD5
7fdda082aaf11d2e335e2ac0e3615ed6
-
SHA1
16915607673fd3085eec07840a46b8adc9ea83f3
-
SHA256
976168dd982087859bc513307af712671cd784eefe2de32c14ccebcf1624fffd
-
SHA512
d0445240ffeb95e9526f4db6a111f522ac35f23e4e08e76c01c16060da44a182cbd5593962b4172b0cdb7ab763756a691a4b013102c9c05a91c8e533f9a97d17
-
SSDEEP
12288:+MBeLZg1lQXsIEoHE7x8szUK4b1X+JQtUgk9VHGGT1ZmMrm+5rAJ:+MUslCsIEoHEV8s/q1I3g2HGiygU
Static task
static1
Behavioral task
behavioral1
Sample
DHL ATH0000387614.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: ventas@mftecnologia.com.uy
Password: Ventas.1
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: ventas@mftecnologia.com.uy
Password: Ventas.1
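The extracted block above is the sample's exfiltration channel: harvested credentials are mailed out through an SMTP submission account. The following is an added example, not part of the sandbox report, that turns those fields into network indicators and sweeps egress logs for them. The log format and the `sweep`/`indicators` helpers are assumptions for illustration; the log lines are constructed and use TEST-NET addresses rather than real resolutions of the host.

```python
import re
from typing import Dict, List, Tuple

# Copied from the "Extracted" block of the report (one "Key: value" per line).
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: ventas@mftecnologia.com.uy
Password: Ventas.1
"""

# Constructed egress log lines for illustration only. The key=value syntax is
# hypothetical and the destination IPs are TEST-NET (192.0.2.0/24) placeholders.
SAMPLE_LOGS = [
    "2022-09-23T08:01:12Z src=WS-017 proto=tcp dst=192.0.2.10 dport=443 sni=update.example.com",
    "2022-09-23T08:01:40Z src=WS-017 proto=tcp dst=192.0.2.25 dport=587 sni=us2.smtp.mailhostbox.com",
    "2022-09-23T08:02:03Z src=WS-017 proto=smtp dst=192.0.2.25 dport=587 cmd=AUTH user=ventas@mftecnologia.com.uy",
    "2022-09-23T08:05:00Z src=WS-022 proto=tcp dst=192.0.2.40 dport=587 sni=smtp.example.net",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_config(text: str) -> Dict[str, str]:
    """Turn the report's 'Key: value' lines into a dict with lowercase keys."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def indicators(cfg: Dict[str, str]) -> Dict[str, str]:
    """Network-observable IOCs only. The password is deliberately left out: it is
    a compromised third-party mailbox credential to report, never to use."""
    return {
        "host": cfg["host"].lower(),
        "port": cfg["port"],
        "username": cfg["username"].lower(),
    }


def sweep(lines: List[str], cfg: Dict[str, str]) -> List[Tuple[str, List[str]]]:
    """Return (log line, reasons) for every line that hits the SMTP exfil IOCs.
    A bare port-587 connection is not enough on its own, since legitimate mail
    submission uses the same port; the host or the mailbox must also match."""
    ioc = indicators(cfg)
    hits: List[Tuple[str, List[str]]] = []
    for line in lines:
        fields = dict(KV_RE.findall(line))
        reasons = []
        if fields.get("sni", "").lower() == ioc["host"]:
            reasons.append("connection to extracted SMTP host")
        if fields.get("user", "").lower() == ioc["username"]:
            reasons.append("AUTH as extracted exfil mailbox")
        if reasons and fields.get("dport") == ioc["port"]:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in sweep(SAMPLE_LOGS, parse_config(EXTRACTED_CONFIG)):
        print(f"ALERT {'; '.join(reasons)}: {line}")
```

The username match is the high-confidence signal: us2.smtp.mailhostbox.com is a shared hosting provider's relay, so a connection to it from a host that otherwise sends mail through that provider is not by itself malicious, whereas an AUTH as the extracted mailbox from a workstation is.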
Targets
-
Target
DHL ATH0000387614.exe
-
Size
794KB
-
MD5
ea5de2cb58a153e81667e6c4a0627dca
-
SHA1
23269cffd3ddbb8277d97d491476ba7ac9bf7b5e
-
SHA256
9da2cbedadabdf82c330987858212470e1ec100f3d24ad43f5f7ecb902236711
-
SHA512
b9237560ac52bb6d7e46b1fdb24c2f945ce8c1a6ecb1d093f1b0998f02288bc1fe24ef4f1314c86f036ed5e4375f101ef5e06ed8fcf9505b723c0bb2eb3fb4c0
-
SSDEEP
12288:kP7UMfbvDzcxezAfPILJaV0Bfd9u1hrSlPsVovjDPs54x8NxgV2iN:9ZPILJHldI1hrSlsKLb5xuxgV1
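Before treating a file on disk as the sample analysed here, confirm that every listed digest matches; a single mismatch means it is a different build. The following is an added example, not part of the report, that checks a byte string against the archive and payload digests listed above. The `identify` and `verify` helper names are assumptions for illustration. The SSDEEP values are not checked here, since fuzzy hashing needs the ssdeep library rather than the standard library.

```python
import hashlib
from typing import Dict, Optional

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report: the archive and the unpacked payload.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "DHL ATH0000387614.rar": {
        "md5": "7fdda082aaf11d2e335e2ac0e3615ed6",
        "sha1": "16915607673fd3085eec07840a46b8adc9ea83f3",
        "sha256": "976168dd982087859bc513307af712671cd784eefe2de32c14ccebcf1624fffd",
        "sha512": "d0445240ffeb95e9526f4db6a111f522ac35f23e4e08e76c01c16060da44a182"
                  "cbd5593962b4172b0cdb7ab763756a691a4b013102c9c05a91c8e533f9a97d17",
    },
    "DHL ATH0000387614.exe": {
        "md5": "ea5de2cb58a153e81667e6c4a0627dca",
        "sha1": "23269cffd3ddbb8277d97d491476ba7ac9bf7b5e",
        "sha256": "9da2cbedadabdf82c330987858212470e1ec100f3d24ad43f5f7ecb902236711",
        "sha512": "b9237560ac52bb6d7e46b1fdb24c2f945ce8c1a6ecb1d093f1b0998f02288bc1"
                  "fe24ef4f1314c86f036ed5e4375f101ef5e06ed8fcf9505b723c0bb2eb3fb4c0",
    },
}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests for the same four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def verify(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; comparison is case-insensitive on the hex."""
    actual = compute_hashes(data)
    return {
        algo: actual[algo] == digest.lower()
        for algo, digest in expected.items()
        if algo in actual
    }


def identify(data: bytes) -> Optional[str]:
    """Name of the report target whose digests all match, else None."""
    for name, expected in REPORT_HASHES.items():
        if all(verify(data, expected).values()):
            return name
    return None


def identify_file(path: str) -> Optional[str]:
    """Read a file from disk and identify it; both targets are under 1 MB."""
    with open(path, "rb") as fh:
        return identify(fh.read())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "->", identify_file(path) or "no match against report")
```

Only an exact match across all four algorithms ties a file to this report; a repacked or recompiled Agent Tesla build will miss every one of them even if it carries the same SMTP config, which is where fuzzy hashing or the extracted config itself is the better pivot.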
-
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) built on the .NET framework (originally written in Visual Basic .NET); it harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP, which is why a plaintext SMTP account is recoverable from this sample.
-
Accesses Microsoft Outlook profiles (reads stored mail-account data from the Outlook profile registry keys as part of credential harvesting)
-
Suspicious use of SetThreadContext (typical of process hollowing / RunPE-style injection, where a payload is written into a suspended process and its thread's entry point is redirected to it)
-