General
Target: DHL_AWB 4677348255142.exe
Size: 719KB
Sample: 221208-m4llmacg2z
MD5: d51edfadd8c18c99eb712d0f5d61eacf
SHA1: 59a6a681dfe9a7b00fd5e42e66e3880c453a4ca9
SHA256: f699a0ce7166a0f6c6996f15529a7dfd7ff50a573905d2b0bf5b0de8ad92af8f
SHA512: 6263346820648344b67de168dc495cc1d4db528c732d4cf509f5faeedcfd6461244e9d470cb28a6a3e121efdf2dc6828d663244ac98c8f6bdc02ffaf3fb61f3f
SSDEEP: 12288:NGNwmomPZef7VMAALR3yb+3jRqZVXPYPCoF9SBbPv6/TV9Js267F:Neomxi7ViYeNqZZPWC4SMjJn67
Static task: static1
Behavioral task: behavioral1
Sample: DHL_AWB 4677348255142.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: DHL_AWB 4677348255142.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail2.bpk-spb.ru
Port: 587
Username: cast@sasta.ru
Password: 75YWEv76M3
Targets
Target: DHL_AWB 4677348255142.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext