General
Target: f9d02ee4f121030e2fce71fd90cc8af17191fa891f3d2910d1a2eb42a774df00
Size: 595KB
Sample: 240430-b9xejahd9z
MD5: 47631f28b02f68c73700c903b5ab6f9b
SHA1: ce75a87a00421a800886d626dcada5e50fe134a4
SHA256: f9d02ee4f121030e2fce71fd90cc8af17191fa891f3d2910d1a2eb42a774df00
SHA512: c2a8913ad42a4d4842f69055a9af55235e98027eee727829647888bd166ac3df10970ee4eb955522d4774f871f794f2bfc6f4f4a24d7c5fddd5e0376ef53111b
SSDEEP: 12288:BmR9+JYLMzLZ4n7NxbUYnVZ15Su3Bv6kAJY8ql7Dl6nIKicnR:BiROgNCYpJ3BvqxiDMIcnR
Note that the submitted object (595KB, SHA256 f9d02ee4...) is not the same file as the executable that the tasks ran (1018KB, SHA256 cbf47edc..., listed under Targets); pivot on both hash sets when hunting.
Static task: static1
Behavioral task: behavioral1
Sample: DHL AWB COMERCIAL INVOICE AND TRACKING DETAILS.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: DHL AWB COMERCIAL INVOICE AND TRACKING DETAILS.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.laboratoriosvilla.com.mx
Port: 587
Username: [email protected]
Password: WZ,2pliw#L)D
Email To: [email protected]
These are the credentials of the exfiltration mailbox the sample carries: stolen data is sent over SMTP submission (port 587) through the listed host and account to the "Email To" address. The host, port and account are the actionable network indicators; the mailbox addresses appear redacted here.
Targets
Target: DHL AWB COMERCIAL INVOICE AND TRACKING DETAILS.exe
Size: 1018KB
MD5: 040e8bb1342fc8dfe5c0e6e75a42add8
SHA1: 5de65513a160964c8c899d183c81df58165a0430
SHA256: cbf47edce01777d05a17e93ee52242f4912c8eb1c02f0622ecf5c0f07d27f3d6
SHA512: 7aab4172f8a3fc7e8f2302d4d6d07037abd87e19591c3e40426bd5c4fbc61713fabd4bd769c98241940c6de79b62c44673ed20e59b2cc30e2575329dd4f1751f
SSDEEP: 24576:QAHnh+eWsN3skA4RV1Hom2KXMmHalQ2KycCX5:Hh+ZkldoPK8YalQ9Q
AgentTesla
Agent Tesla is a .NET (Visual Basic) remote access tool and information stealer; the SMTP configuration extracted above is its exfiltration channel.
Adds Run key to start application
Persistence through a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run, so the payload is relaunched at logon.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP. The service itself is benign, so the signal is which process makes the request, not the destination.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process (typically one created suspended) is the usual final step of process hollowing, redirecting that process into injected code. The report flags the API use only; it does not name a hollowed target.
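The three runtime behaviours above (Run key persistence, external IP lookup, SMTP exfiltration to the extracted host) are the combination a detection engineer would want to correlate per process. The following is an added example, not code from the sandbox or from this report: it runs those checks over a handful of constructed Sysmon-style events (EventID 13 registry value set, EventID 22 DNS query, EventID 3 network connection) and flags a process that trips all three. The SMTP host and port are taken from the extracted config on this page; the list of IP-lookup services, the mail-client allow-list, the file paths and the SID in the sample events are assumptions.

```python
"""Added example: triage the behaviours this report lists against endpoint
telemetry. Not code from the sandbox or the report. The events below are
constructed to resemble Sysmon records and are not telemetry from the sample.
The IP-lookup host list and the mail-client allow-list are assumptions; the
SMTP host and port come from the extracted config on this page.
"""
import re
from collections import defaultdict

# Value written under a Run/RunOnce key. Sysmon EventID 13 TargetObject
# includes the value name, hence the trailing path component.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)

# Assumption: common external-IP lookup services; the report does not say
# which one this sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ip-api.com", "ipinfo.io"}

# Indicators from the extracted AgentTesla config on this page.
EXFIL_SMTP_HOST = "mail.laboratoriosvilla.com.mx"
EXFIL_SMTP_PORT = 587

MAIL_SUBMISSION_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumption: allow-list

SAMPLE = (r"C:\Users\user\AppData\Local\Temp"
          r"\DHL AWB COMERCIAL INVOICE AND TRACKING DETAILS.exe")

# Constructed events (paths, SID and value names are invented for the demo).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater.exe"},
    {"EventID": 22, "Image": SAMPLE, "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": SAMPLE,
     "DestinationHostname": EXFIL_SMTP_HOST, "DestinationPort": 587},
    {"EventID": 3,
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def _basename(image: str) -> str:
    return image.lower().rsplit("\\", 1)[-1]


def run_key_persistence(ev: dict) -> bool:
    """'Adds Run key to start application'."""
    return ev.get("EventID") == 13 and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))


def external_ip_lookup(ev: dict) -> bool:
    """'Looks up external IP address via web service', via DNS or a direct connect."""
    if ev.get("EventID") == 22:
        return ev.get("QueryName", "").lower() in IP_LOOKUP_HOSTS
    if ev.get("EventID") == 3:
        return ev.get("DestinationHostname", "").lower() in IP_LOOKUP_HOSTS
    return False


def smtp_exfiltration(ev: dict) -> bool:
    """Exact host/port from the config, or, more generally, any process that
    is not a known mail client talking to a mail submission port."""
    if ev.get("EventID") != 3:
        return False
    host = ev.get("DestinationHostname", "").lower()
    port = ev.get("DestinationPort")
    known_c2 = host == EXFIL_SMTP_HOST and port == EXFIL_SMTP_PORT
    generic = port in MAIL_SUBMISSION_PORTS and _basename(ev.get("Image", "")) not in MAIL_CLIENTS
    return known_c2 or generic


RULES = {
    "run_key_persistence": run_key_persistence,
    "external_ip_lookup": external_ip_lookup,
    "smtp_exfiltration": smtp_exfiltration,
}


def triage(events):
    """Group rule hits by originating process image.

    Returns (hits, verdicts): hits maps image -> {rule: [event indices]};
    verdicts maps image -> True when that one process triggered every rule,
    the combination this report attributes to AgentTesla."""
    hits = defaultdict(lambda: defaultdict(list))
    for idx, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits[ev["Image"]][name].append(idx)
    hits = {img: dict(rules) for img, rules in hits.items()}
    verdicts = {img: set(rules) == set(RULES) for img, rules in hits.items()}
    return hits, verdicts


if __name__ == "__main__":
    found, verdict = triage(SAMPLE_EVENTS)
    for image, rules in found.items():
        print(f"{image}\n  rules: {sorted(rules)}  agenttesla-like: {verdict[image]}")
```

The per-process grouping is the point: each rule on its own is noisy (a legitimate updater writes a Run value, a mail client talks to port 587), but one image that persists, fingerprints its public IP and then opens an SMTP submission session is the sequence this report describes. Swap the constructed events for real Sysmon or EDR records with the same field names to run it against live telemetry.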