General
Target: DHL_LHER000678175.exe
Size: 701KB
Sample: 240329-jbt6hsdb26
MD5: fd8a4c9f42297e59fe3892d06688370f
SHA1: 7a66a530f3c14c6a0ad0e72563d9067a3f1dd879
SHA256: ca92b43dfeef29646eb50854fb424097800485d266b0a265b6f225382fe56600
SHA512: 7a867759b78e733d61efd75d3c49e14c3b5d269eec5a3cca8837876d612a337999f515f037cd4b9165c7c2fc35e53626f41a2dbf3b32c4c60fdaed65bccba53e
SSDEEP: 12288:mPLK1Ya1cOt6j8r2aUUP/1br1NTsf9LNfA67bealyVe9rjOt9w10ekR:MiqTwrXUUPtH1cL9nHvl44jCw1e
Static task: static1
Behavioral task: behavioral1 (Sample: DHL_LHER000678175.exe, Resource: win7-20240319-en)
Behavioral task: behavioral2 (Sample: DHL_LHER000678175.exe, Resource: win10v2004-20240226-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: nl9.nlkoddos.com
Port: 587
Username: [email protected]
Password: Myname321@
Email To: [email protected]
Extracted
Protocol: smtp
Host: nl9.nlkoddos.com
Port: 587
Username: [email protected]
Password: Myname321@
Targets
Target: DHL_LHER000678175.exe
Score: 10/10
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext