General
- Target: a860a86b9d9c109467efcfa76487a95c.bin
- Size: 816KB
- Sample: 240425-ccgs9adb98
- MD5: 5436a6bdc046c4b5d0be1304134c3996
- SHA1: b1df578f0515609bb88c2269a89ebcd9c3b6a597
- SHA256: ea4a760a5fe1ba67561424153c950696658416239d04274d35a527d7ba37179d
- SHA512: a38e597a0221405cf562273b1f65fa33f3411e53385b121b859fa22a9fe750737e8c410cbae5dcc592f1dafdde04088d1f0c03f68588f4174e884ccbcd73a746
- SSDEEP: 24576:6T1LvYUNFKL4s8vDXjSyQKYGX6ef233XeNd27:6T1LtFhTj1YGX6GUgI7
Static task: static1
Behavioral task: behavioral1
- Sample: DHL Receipt 004673321/DHL Receipt 004673321.pdf.exe
- Resource: win7-20240221-en
Malware Config
- Extracted: agenttesla
- https://api.telegram.org/bot7099320956:AAEbKuoPa3eGpVw59XdjZSpakl0EQvO5p9g/
Targets
- Target: DHL Receipt 004673321/DHL Receipt 004673321.pdf.exe
- Size: 300.0MB
- MD5: 3f550e2404750bee9767c47ac42324ba
- SHA1: 7ce5b605f6ed25eca0243d9ac09a0b231cc9c3dc
- SHA256: 859d964cf907965c62903bddeb0667d570139bdb6b8fd0113d430b5f48cc7d52
- SHA512: 3e925a0036f71e4649da08e88ab80b816132f5d596189eaea04e95744ba2fa3180887f404a489b0e5dd4e32361e0e7dc29c272f391067094e4e0efa779c50058
- SSDEEP: 24576:xA2q55503nejbo6m7JkWao7AwnNxADGq/OCemti9vMY6TtyC:U5550sbyiWaw565tYct
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Suspicious use of SetThreadContext