General
Target: DHL_AWB_NO_#AWB 4507558646.exe
Size: 715KB
Sample: 230403-pnc1nagc2t
MD5: f4171a1d0b83927205b24a869405fab5
SHA1: 18daf981878dfbca56ff020a94ffd5ff31acb930
SHA256: 1035c0af69138d45af1e8a10682c5fe707ac7e4334ea1517744da7ac67dad711
SHA512: 997616ea7e75efb36576a909acc45b57f69dfa0e64b7b2c14e9dd2c59d51f97a01f1f405db3010d34fd1ec3d66279bb3c0dae490bc59a70113504f49b34720c9
SSDEEP: 12288:P5CBWKdq1FbwwJLwre64jor+JlC6l8w28bQpP9zPQ5roiHn/uLIdlL1myy1GBL:QfrpXaXC6l8wUgloIn/8yy1EL
Static task: static1
Behavioral task: behavioral1
  Sample: DHL_AWB_NO_#AWB 4507558646.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: DHL_AWB_NO_#AWB 4507558646.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted family: agenttesla
Extracted URL: https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: DHL_AWB_NO_#AWB 4507558646.exe (715KB; same hashes as listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext