General
Target: DhlShipmentDetails06Dec.exe
Size: 861KB
Sample: 221206-hsnvdsgg2w
MD5: ccbd57fed0acd03f1a2fa975a5e2378c
SHA1: 97174258a45c52001ebbddbb8efaf9f485a83321
SHA256: a1480ab1090748ce893678eb891dffb2b82ee87484e5b585f620926e2c3724ef
SHA512: a0bbb47958f248d718fa22ec4bb565cafc1e330c1058ca991c9d110019fc9a679dc43d38533b7915e04b259517df78444ee4eb47bfd0269604cdf7d38515217f
SSDEEP: 12288:OcGjmaLGqW2oKPlcqL9DHnMU1l9i0OL/O2TfpV+CUu6StKRgKZ/nXt7virmWhlG1:lsoq3oKOqRDnMUtnODr3RUu6S8
Static task: static1
Behavioral task: behavioral1 (Sample: DhlShipmentDetails06Dec.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: DhlShipmentDetails06Dec.exe, Resource: win10v2004-20221111-en)
Malware Config (extracted): agenttesla
https://api.telegram.org/bot5702698141:AAH3zArxBJTzE6y3KAwr-22tBuWNisJ3iEg/
Targets
Target: DhlShipmentDetails06Dec.exe (861KB; same hashes as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext