General
Target: DHL_AWB_NO_#AWB 4507558646.exe
Size: 658KB
Sample: 230330-m9qsjadh21
MD5: 5dcefd1c13cf257168c014edad94c43b
SHA1: a730e4d4d2a3ea070c85783afab4578e756758c5
SHA256: 80b6e703e67ace7480854fa2e005495b86c53b0f2afd72018d0c77bf9fd43605
SHA512: b536a9259f66b5f55e3697856a4f67b93bbc49c050a506caee61c708bd2008e3a24f63baeba9e3d6d750e2ce061fcbf74dd55db68f83ba8cd6387dfc2f8954f4
SSDEEP: 12288:vvbimOMt+DNSorzsb6WFJv7IhxUySBmR9MLrZSowdhI6Bjq:vTimXyyFJv7IhxgBmsShdhIG
Static task: static1
Behavioral task: behavioral1
Sample: DHL_AWB_NO_#AWB 4507558646.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: DHL_AWB_NO_#AWB 4507558646.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: DHL_AWB_NO_#AWB 4507558646.exe
Size: 658KB
MD5: 5dcefd1c13cf257168c014edad94c43b
SHA1: a730e4d4d2a3ea070c85783afab4578e756758c5
SHA256: 80b6e703e67ace7480854fa2e005495b86c53b0f2afd72018d0c77bf9fd43605
SHA512: b536a9259f66b5f55e3697856a4f67b93bbc49c050a506caee61c708bd2008e3a24f63baeba9e3d6d750e2ce061fcbf74dd55db68f83ba8cd6387dfc2f8954f4
SSDEEP: 12288:vvbimOMt+DNSorzsb6WFJv7IhxUySBmR9MLrZSowdhI6Bjq:vTimXyyFJv7IhxgBmsShdhIG
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext