General
Target: DHL AWB SHIPMENT DOCS.zip
Size: 622KB
Sample: 220923-hn7rpshdcl
MD5: 3fa0b330b6f8590b838c31727c17ca43
SHA1: d0ac8a513f9e91f51a1306f5a5c73155b3504e9d
SHA256: e07ed44650299b049af6ac30d65a87a46fd12ebfb2f955124d84af0ebf7844f5
SHA512: 31552b39616b4a355045253782750e133ac55a42f0bb8b0627fdffde8237d0cd1ad5fb5a762c580b679937bd447b87f96e9131429f4d18d2c0bf3e79c510bb25
SSDEEP: 12288:R+q6YY7mwwKlcQgdubW5IUrbCwZAPdKOWiB/2caVIRQnRyK0wh:R+/YxKaQgdubW6UvCcAP4OWMecaGunRL
Static task: static1
Behavioral task: behavioral1
  Sample: DHL AWB SHIPMENT DOCS.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: DHL AWB SHIPMENT DOCS.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.udupis.com
Port: 587
Username: sales@udupis.com
Password: skills150
Targets
Target: DHL AWB SHIPMENT DOCS.exe
Size: 1.0MB
MD5: ae68aad90d2c563d7224615d4f8e6532
SHA1: 3bafaff78a3654ec5fb1eb6e7c73a167ec619ba1
SHA256: ba4a2766012fbcfc2ed208ae30f8deaa5710aee9c72db381ed9047faeb052782
SHA512: 3a3851e938b6d2ac8bfb291fcd9c9e28f0514c088400e6b8cf1d78021c0d64933bfb7a45b9771ba7d51e69d39d60f7b795ab072a3dceb56d4058bed741251210
SSDEEP: 24576:NO4Kkygdqb66CvqcAPKOWOUcSsunDyK0:NO4Kky5u1NOxJSsuDyK
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Suspicious use of SetThreadContext