General
Target: z1DHL_AWB_NO_AWB4507558646.exe
Size: 716KB
Sample: 230330-2pdd2aef99
MD5: 22e491a919a5271782f04ac65dcde192
SHA1: 1b8a5377e4534798f72bce8bedd7e70ec73645d8
SHA256: 4a54cac2dc41301d00d1f9a27a16a8a33045c393542c56e063b290e5b446db22
SHA512: 7871fd91d204d159a770e2272ee0dd34601cc709cc31a51727439afba255ba5bc72e755c8f2af109be777cbcffa54a1c531876a78ef50b40c0a88df7d7a6131f
SSDEEP: 12288:i7inGzBKzcpLyBryMTFWSnoJBGhPUKVwS5yq5doNsrXSWI7OimOMt+:FsCty0FmEUDSo8qqriXOimX
Static task: static1
Behavioral task: behavioral1
  Sample: z1DHL_AWB_NO_AWB4507558646.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: z1DHL_AWB_NO_AWB4507558646.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: z1DHL_AWB_NO_AWB4507558646.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext