General
Target: DE356325424_POA DHL.exe
Size: 210KB
Sample: 230331-mpe6ashc89
MD5: f3ee8a265451beb1f9e5b6ed6414dbb5
SHA1: 47afad0bc9967501152f95599677115d3b4c487a
SHA256: f79b975267f3d8b382e3dc5afece09fb582f4aabdde181c129d809437831b6bf
SHA512: 3960f3fdbdb5de42307bf4341a2a47ba3288b333b39a75d83cb683140c2a34daa6e9ea85bb4dc07dc23a6dbe40f0e7d09368c537ca0210ce3fd40e9ee8c3e1c8
SSDEEP: 6144:2Z8LqKUnWb964ywHDC3mU/mtgjGbhKSiI:FLqKUw96IHDARjGbwI
Static task: static1
Behavioral task: behavioral1
  Sample: DE356325424_POA DHL.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: DE356325424_POA DHL.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/
Targets
Target: DE356325424_POA DHL.exe (same file and hashes as listed under General)
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext