General
- Target: DHL AWB TRACKING DETAILS.exe
- Size: 4.4MB
- Sample: 240515-jen4nsfe23
- MD5: c9e84aa2df458001b725fbe70997b5d9
- SHA1: f529f505c33bcbead32af57cb2caf31ed6a86159
- SHA256: 733ff37f570b12e7822e2a9136bcbae035d4ff49088b30d0ad41d9a1c9cb822f
- SHA512: 6878fe97e44ed5f8096c8f4dc7705e1d8514c37e0c6fb5f1e98d32e9e2d9641f1e5b8461ae45a6de278b283430436f659a8f4b8f59a4ac38941ff50576e8f106
- SSDEEP: 24576:OuyLrUD0qFN5tJvWSL7z2wIordsi3s8kWbhBSUIJb1lCj+q2vnyDw83VVlGDaG:Ou
Static task: static1
Behavioral task: behavioral1
- Sample: DHL AWB TRACKING DETAILS.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: DHL AWB TRACKING DETAILS.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted (agenttesla)
- Protocol: smtp
- Host: mail.laboratoriosvilla.com.mx
- Port: 587
- Username: [email protected]
- Password: WZ,2pliw#L)D
- Email To: [email protected]
Extracted
- Protocol: smtp
- Host: mail.laboratoriosvilla.com.mx
- Port: 587
- Username: [email protected]
- Password: WZ,2pliw#L)D
Targets
- Target: DHL AWB TRACKING DETAILS.exe
- Size: 4.4MB
- MD5: c9e84aa2df458001b725fbe70997b5d9
- SHA1: f529f505c33bcbead32af57cb2caf31ed6a86159
- SHA256: 733ff37f570b12e7822e2a9136bcbae035d4ff49088b30d0ad41d9a1c9cb822f
- SHA512: 6878fe97e44ed5f8096c8f4dc7705e1d8514c37e0c6fb5f1e98d32e9e2d9641f1e5b8461ae45a6de278b283430436f659a8f4b8f59a4ac38941ff50576e8f106
- SSDEEP: 24576:OuyLrUD0qFN5tJvWSL7z2wIordsi3s8kWbhBSUIJb1lCj+q2vnyDw83VVlGDaG:Ou
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext