General
-
Target
DHLDOCUMENTS27011222.ace
-
Size
629KB
-
Sample
221128-p72hcsad3y
-
MD5
90dcf04fd65b39f652b98ab4e0d406f9
-
SHA1
f323645f57be3654c1814febefaf97fab77f6b46
-
SHA256
feb7300da45537d68546b3e17b29a589450fc8422cd386dafd5410365fb5128b
-
SHA512
d7b2b06f5995c75eb0e98c39abba54c7bf9e16243217059d30726e160d4a5a7c4b6a9ce9cdb462c0144474884180946532d525be457d54cf8d7a456d0f72a08b
-
SSDEEP
12288:wFeCHT257usDxp9oy0ikgD0LUGvrG6pLWWHzdA+M6fxoJWFiC:wFzT38roSkgDAUGv66pLW6zdR9o2
Static task
static1
Behavioral task
behavioral1
Sample
DHLDOCUMENTS27011222.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
DHLDOCUMENTS27011222.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5702698141:AAH3zArxBJTzE6y3KAwr-22tBuWNisJ3iEg/
Targets
-
-
Target
DHLDOCUMENTS27011222.exe
-
Size
838KB
-
MD5
58077ced076708815fa29dd0868d99e2
-
SHA1
f8d7f9c739c8c30efea7ee7e8a05a33319b0dd79
-
SHA256
e7b95197fb910258fc23e03856af901ad54e0e824a707b5605a275296c85dc40
-
SHA512
1e99132d9b2ecbadd21d9c81e993ad4741f4fb1f95c62a38b0848b449fec88d147ee0455e23495c4e4f4741f12c08bf14767280b7815e2f768e0ff3ff6c4d6ef
-
SSDEEP
24576:VC1Gudz+ZoRu+VI1SBllryZcZhaUIgvpjRpY:VTudquRuz1SBbyWaZgxjb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-