General
Target: DHL_AWB_NO_#AWB 4507558646.zip
Size: 547KB
Sample: 230330-paw7daea3z
MD5: 247a371775a0a6d7c49fac9eff1258ef
SHA1: e5f1cf8dac43355c886eb66af29566ea286f289d
SHA256: 758f44953380a1b5ff4353a6428ff696fb177b1f2e9248dd90f39c00ce24f7cb
SHA512: 896a6963850b549fb2074cae7a438780e0352cbacf72a7ef973f46bbb1564f40e73e9dd5ec3c6c7c3b490af4d5e0548b073290997f1812ba24bd0a458351308f
SSDEEP: 12288:mUxIRjrfSNSwrN4z6uJJVX7IHpUGABsn9SLzZak1x48KzoU:mxR/kiJJVX7IJMBsGaoxYF
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_AWB_NO_#AWB 4507558646.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: DHL_AWB_NO_#AWB 4507558646.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: DHL_AWB_NO_#AWB 4507558646.exe
Size: 658KB
MD5: 5dcefd1c13cf257168c014edad94c43b
SHA1: a730e4d4d2a3ea070c85783afab4578e756758c5
SHA256: 80b6e703e67ace7480854fa2e005495b86c53b0f2afd72018d0c77bf9fd43605
SHA512: b536a9259f66b5f55e3697856a4f67b93bbc49c050a506caee61c708bd2008e3a24f63baeba9e3d6d750e2ce061fcbf74dd55db68f83ba8cd6387dfc2f8954f4
SSDEEP: 12288:vvbimOMt+DNSorzsb6WFJv7IhxUySBmR9MLrZSowdhI6Bjq:vTimXyyFJv7IhxgBmsShdhIG
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext