Behavioral task
behavioral1
Sample
DHL Consignment Details_pdf.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
DHL Consignment Details_pdf.exe
Resource
win10v2004-20230220-en
General
-
Target
9637811090.zip
-
Size
236KB
-
MD5
6d20118da52d83b0db753e6a341db25f
-
SHA1
6f0f4c6bfcc3eefa0ca15fb76a31516b36d07f13
-
SHA256
48585a6d5eb1297a60066fe3617ba547265d43d9fd4b5a1e4c61801c0d39e690
-
SHA512
6bb6fccd01ea8f36e8dd33b601b93e464e43d168842276fdffeed1552f195267df420cc4f7c35f848f622a03eaff3dd738561a27d935cda00f3ee455cec00f25
-
SSDEEP
6144:J2iGAg8OEWvNrfz7fgpJaVnXUXBq39ILOGl1Xb:JpORL7fgpCXSq3eLOar
Malware Config
Signatures
-
AgentTesla payload 1 IoCs
Processes:
resource yara_rule static1/unpack002/DHL Consignment Details_pdf.exe family_agenttesla -
Agenttesla family
Files
-
9637811090.zip.zip
Password: infected
-
61c390aada68477542e8e4f2b82bee0fd580dfe1893255d6f4d0dd12d7b2b2b5.rar
-
DHL Consignment Details_pdf.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 603KB - Virtual size: 602KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ