General
- Target: DHL INVOICE.xls
- Size: 1.6MB
- Sample: 221206-hrhxragf2s
- MD5: 6082b3395c504cce2544d929326a407d
- SHA1: ade67d3b4c048b60f0538c6c62c6f54d58659e74
- SHA256: 8c0b9a4b182a840e47b543ba7e9159b42d6885f20f01a08841366ed24826070e
- SHA512: d3af6e0a2376c337c5105c279314ec3fd25ec74603572f994a8119892099f54a89a73d51e46ab07c2e6b871024f3566e4a8b031847c4382a1a3b6e697b4c710f
- SSDEEP: 24576:zzxXXXXXXXXXXXXUXXXXXXXXXXXXXXXXDamaur5XXXXXXXXXXXXUXXXXXXXrXXXs:keY/+wFlnH
Static task
- static1
Behavioral tasks
- behavioral1: DHL INVOICE.xls, run on resource win7-20220901-en
- behavioral2: DHL INVOICE.xls, run on resource win10v2004-20220812-en
Malware Config
Extracted
- Family: agenttesla
- Telegram Bot API endpoint (exfiltration channel): https://api.telegram.org/bot5466358579:AAFHSCLt1chyZSTsCVrxZSdLSPQ_50Hs-ww/
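The extracted configuration is a Telegram Bot API URL with the bot token embedded in the path, which is how this family ships stolen data when configured for Telegram. The following is an added example (not part of the sandbox report) that pulls such indicators out of text such as sandbox strings output or a proxy log, splits the token into its pivotable bot id and its secret, and redacts the secret for sharing. It assumes the documented token shape `<numeric bot id>:<35 characters of [A-Za-z0-9_-]>`, which the URL above follows; the proxy log lines in the sample input are constructed.

```python
"""Pull Telegram Bot API indicators out of text such as sandbox strings output
or a proxy log. Added example; not part of the sandbox report."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: bot tokens look like "<numeric bot id>:<35 chars of [A-Za-z0-9_-]>",
# the shape Telegram documents and the extracted config above follows.
_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])"
    r"(?:/(?P<method>[A-Za-z]+))?"
)


@dataclass(frozen=True)
class TelegramIOC:
    bot_id: str             # stable pivot key: the same bot reused across samples
    token: str              # full "<id>:<secret>" credential used by the Bot API
    method: Optional[str]   # sendDocument, sendMessage, ... when present in the URL
    source: str             # the line the indicator was found in


def extract_telegram_iocs(lines: List[str]) -> List[TelegramIOC]:
    found = []
    for line in lines:
        for m in _BOT_URL.finditer(line):
            found.append(TelegramIOC(m["bot_id"], f"{m['bot_id']}:{m['secret']}",
                                     m["method"], line))
    return found


def unique_bot_ids(iocs: List[TelegramIOC]) -> List[str]:
    return sorted({i.bot_id for i in iocs})


def redact_token(token: str) -> str:
    """Keep the bot id and the first four secret characters so the IOC can be
    shared without handing the full credential to everyone who reads the report."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


# Constructed sample input. The first line is the URL from the report's extracted
# config; the remaining lines are made-up proxy log entries for illustration.
SAMPLE_LINES = [
    "https://api.telegram.org/bot5466358579:AAFHSCLt1chyZSTsCVrxZSdLSPQ_50Hs-ww/",
    "2022-12-06T10:41:02Z 10.0.0.15 POST https://api.telegram.org/bot5466358579:"
    "AAFHSCLt1chyZSTsCVrxZSdLSPQ_50Hs-ww/sendDocument 200",
    "2022-12-06T10:41:05Z 10.0.0.15 GET https://api.telegram.org/ 200",     # no token: not an IOC
    "2022-12-06T10:42:00Z 10.0.0.22 GET https://web.telegram.org/k/ 200",  # legitimate web client
]

if __name__ == "__main__":
    for ioc in extract_telegram_iocs(SAMPLE_LINES):
        print(redact_token(ioc.token), ioc.method or "-", "<-", ioc.source[:60])
```

The bot id is the useful pivot: the same bot often appears across many samples from one operator, while the secret is a live credential. Do not call the Bot API with a recovered token from a corporate network unless you are authorized to interact with attacker infrastructure; treat the token as an indicator to block and share in redacted form.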
Targets
- Target: DHL INVOICE.xls (1.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP, HTTP or, as in this sample's extracted configuration, the Telegram Bot API.
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution (vbc.exe, the Visual Basic command-line compiler; an Office process spawning it is a strong maldoc indicator)
- Accesses Microsoft Outlook profiles (the registry location where Outlook stores account settings and saved mail passwords; a credential-theft indicator)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (typically used after writing a payload into a suspended process, i.e. process hollowing)
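The signatures above describe a chain that is easy to hunt for in endpoint telemetry: an Office process spawning vbc.exe or an executable dropped under a user-writable directory, followed by a non-Outlook process touching Outlook profile keys. The following is an added example (not the sandbox's own detection logic) that runs those checks over constructed events. The events are dicts in a Sysmon-like shape (`ParentImage`, `Image`, `TargetObject`); the paths, SIDs and event type names are made up for illustration. One caveat: Sysmon only records registry writes (Event IDs 12, 13, 14), so observing a read of the profile keys needs Windows object-access auditing (Event 4663) or an EDR sensor.

```python
"""Hunt endpoint telemetry for the behaviour chain the signatures describe:
an Office process spawning vbc.exe or a dropped executable, and a non-Outlook
process touching Outlook profile keys. Added example; not the sandbox's logic.
Events are constructed dicts in a Sysmon-like shape."""
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
# vbc.exe is the Visual Basic compiler behind the "Uses the VBS compiler"
# signature; the rest are the usual script hosts an Office child should not be.
SUSPICIOUS_CHILDREN = {"vbc.exe", "csc.exe", "cmd.exe", "powershell.exe",
                       "wscript.exe", "cscript.exe", "mshta.exe"}
# User-writable directories where a downloaded MZ/PE payload typically lands.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\downloads\\", "\\programdata\\")
# Where Outlook keeps account settings (Outlook 2013+ and the legacy MAPI location).
OUTLOOK_PROFILE_PATHS = ("\\outlook\\profiles\\",
                         "\\windows messaging subsystem\\profiles\\")


def _exe(image: str) -> str:
    return PureWindowsPath(image).name.lower()


def check_process_create(ev: Dict[str, str]) -> Optional[str]:
    parent, child = _exe(ev["ParentImage"]), _exe(ev["Image"])
    if parent not in OFFICE_APPS:
        return None
    if child in SUSPICIOUS_CHILDREN:
        return f"office-spawns-script-host: {parent} -> {child}"
    if any(seg in ev["Image"].lower() for seg in USER_WRITABLE):
        return f"office-runs-dropped-exe: {parent} -> {ev['Image']}"
    return None


def check_registry_access(ev: Dict[str, str]) -> Optional[str]:
    target = ev["TargetObject"].lower()
    if any(p in target for p in OUTLOOK_PROFILE_PATHS) and _exe(ev["Image"]) != "outlook.exe":
        return f"non-outlook-touches-outlook-profile: {_exe(ev['Image'])} -> {ev['TargetObject']}"
    return None


def hunt(events: List[Dict[str, str]]) -> List[str]:
    findings = []
    for ev in events:
        if ev["EventType"] == "ProcessCreate":
            hit = check_process_create(ev)
        elif ev["EventType"] == "RegistryAccess":
            hit = check_registry_access(ev)
        else:
            hit = None
        if hit:
            findings.append(hit)
    return findings


# Constructed sample telemetry (paths and SIDs are made up).
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "ParentImage": OFFICE + r"\EXCEL.EXE",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"EventType": "ProcessCreate", "ParentImage": OFFICE + r"\EXCEL.EXE",
     "Image": r"C:\Users\victim\AppData\Roaming\update.exe"},
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": OFFICE + r"\EXCEL.EXE"},                      # benign: user opens Excel
    {"EventType": "RegistryAccess", "Image": r"C:\Users\victim\AppData\Roaming\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"EventType": "RegistryAccess", "Image": OFFICE + r"\OUTLOOK.EXE",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},  # benign
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

The parent/child check is the higher-signal one: Excel has no legitimate reason to launch vbc.exe or an executable from %APPDATA%, so it can alert on its own, while the Outlook-profile check is best used to raise the severity of a process that already tripped the first rule.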