General
Target: DHL_AWB_NO__AWB 4507558646.bin.zip
Size: 672KB
Sample: 230403-ntvl8afh7w
MD5: 7d115acf843dddb094a3b3aa2e5cecb7
SHA1: 3dd4e95d6a593b11d40f6b3473d8e884f56adc64
SHA256: 2198ce03ea263d93d322f02634c6e7ac3e33d5efaa361b7e1916187168a881fe
SHA512: ae193666fb437c86dd9efd7206ba6f9a5ce13f2c553905d8be8a75df931218246f5b1ddbdf06473bf6e0b9e71ac270ded25fa53b0d1c540de54e6f4e0d6cffb6
SSDEEP: 12288:N0rfr22ZANoIgX8CAOXZRawDXmn5d8kYMhRDITgwnxdibLp:W62ZPsCAOpRawDW5WJMrETgwxs
Static task: static1

Behavioral task: behavioral1
Sample: DHL_AWB_NO__AWB 4507558646.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: DHL_AWB_NO__AWB 4507558646.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted family: agenttesla
C2: https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: DHL_AWB_NO__AWB 4507558646.bin
Size: 715KB
MD5: f4171a1d0b83927205b24a869405fab5
SHA1: 18daf981878dfbca56ff020a94ffd5ff31acb930
SHA256: 1035c0af69138d45af1e8a10682c5fe707ac7e4334ea1517744da7ac67dad711
SHA512: 997616ea7e75efb36576a909acc45b57f69dfa0e64b7b2c14e9dd2c59d51f97a01f1f405db3010d34fd1ec3d66279bb3c0dae490bc59a70113504f49b34720c9
SSDEEP: 12288:P5CBWKdq1FbwwJLwre64jor+JlC6l8w28bQpP9zPQ5roiHn/uLIdlL1myy1GBL:QfrpXaXC6l8wUgloIn/8yy1EL

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext