Overview

overview

10

Static

static

3

DHL-AWB 764312.exe

windows7-x64

10

DHL-AWB 764312.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL-AWB 764312.cab.bin

  • Size

    595KB

  • Sample

    230501-xfyamafg2y

  • MD5

    fc6a689095a3f74ac336c4c3968108ff

  • SHA1

    6072dffc994f5ab22a4b7320d9caba21b137b34b

  • SHA256

    0b86c2794e8c07a237d80ac1b0d1ed7130666e8d8ab4762a7e7c0ef717cf7380

  • SHA512

    8c9a75d3fd9ddd1462d8ff6edf1bca43aba4424c52b270e1238d9f1247156bc19bbb0b255839cc6dcd0025f3278a504cb6c76e2678f9af621631fdd1eb434acd

  • SSDEEP

    12288:8Xe5od4GlT5Z+/O5RjKBI8AeNNQqW7aJ7luADCNr1Gmn6Sv3:ITHlTX+m59sXpIqr7luD5J6m3

Score
10/10
agentteslaredlinecollectioninfostealerkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5635409590:AAHInAR4dWLcsUes3TU8Nj2UQrEubKrXKLs/

Targets

    • Target

      DHL-AWB 764312.exe

    • Size

      841KB

    • MD5

      a27033a4d5e25bf5a4844f18d8d1bd38

    • SHA1

      62eea27661ed94a48b8142fe87d049b03b9f1295

    • SHA256

      86d4a06ce584c3d67c982690c85a60d789d48293ef122c81c7ea4e19ab7c912d

    • SHA512

      94775dd4022c9d1be83308e3d6a0760ab4c6e0749179f2339ede2c5c2786995969f96950d3eac2813b6ae64651c784bb26ad32f3537bb586f39edb224b6374dd

    • SSDEEP

      12288:LZ/9WflU/9DWlN/OyRj+uIeAeDNnqWWaF7luSDCA11WHNdLk2W3:tylURUNmy9LDplqA7luhEw7gd

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojanredlineinfostealer

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

      stealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks