Overview

overview

10

Static

static

10

DHL RPA GR...df.exe

windows7-x64

10

DHL RPA GR...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL RPA GRBP Template.pdf.exe

  • Size

    13KB

  • Sample

    230612-jbxawaah93

  • MD5

    0aa04f249eaece97140ad4ff7bc00420

  • SHA1

    4cb79679a05b197ba21489fc362e0d91ae2c3b06

  • SHA256

    9ed9d37ed2bad5f93fe5f80d396c6a075be44a60312ea033a8d4eb3be772b4f9

  • SHA512

    e5a4e704f9919d55398bfb9fe3f98729084b531d4ffaf5ccf59eef83b190827f8d80c60e0e676d56c36bdff019499483b10851288b2f84f922f18c182b4b5599

  • SSDEEP

    192:k0OejvqLK915glsNhYkCeXicN+gp7cCBR2D9UFay:klLaTglsNvCeXicNrZO9UFa

Score
10/10
agentteslapurecryptercollectiondownloaderkeyloggerloaderspywarestealertrojan

Malware Config

Extracted

Family

purecrypter

C2

https://onedrive.live.com/download?cid=0D0FBFD7EE8A13AB&resid=D0FBFD7EE8A13AB%21212&authkey=AAMJbAVJ3CQXG7o

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6261426177:AAGKVvStJVx3AbPod6gVs0gLfIFG75EuCzc/

Targets

    • Target

      DHL RPA GRBP Template.pdf.exe

    • Size

      13KB

    • MD5

      0aa04f249eaece97140ad4ff7bc00420

    • SHA1

      4cb79679a05b197ba21489fc362e0d91ae2c3b06

    • SHA256

      9ed9d37ed2bad5f93fe5f80d396c6a075be44a60312ea033a8d4eb3be772b4f9

    • SHA512

      e5a4e704f9919d55398bfb9fe3f98729084b531d4ffaf5ccf59eef83b190827f8d80c60e0e676d56c36bdff019499483b10851288b2f84f922f18c182b4b5599

    • SSDEEP

      192:k0OejvqLK915glsNhYkCeXicN+gp7cCBR2D9UFay:klLaTglsNvCeXicNrZO9UFa

    Score
    10/10
    purecrypterdownloaderloaderagentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

      loaderdownloaderpurecrypter

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks