General
-
Target
86093067d960040ed12acb55c26005fb4c4fe30b5bb0698397d1ea75915433d9.iso
-
Size
836KB
-
Sample
240518-k9g5aadc2x
-
MD5
c7e1d63fa8f9e0dcab79ed3c4415a753
-
SHA1
eba7c9f65d45ecaaa8254de224035ed58c5febbe
-
SHA256
86093067d960040ed12acb55c26005fb4c4fe30b5bb0698397d1ea75915433d9
-
SHA512
4815087435b2cc5c639af605bcf66fcfc9055deaf3f54bdf81a3acf404418a147c87290f0fcc7ee218eb2a76d1fd1feec31e46add9d7d61f67b361537a5df11f
-
SSDEEP
12288:Gv0pei36RhGUU/ZUpBPpHXiGGAWjzANEPaXnTQAm8HGSuNAWX4x74tuYmburHWp2:Gcpp36+UbZFB28rjTl6NpXg4t1O
Static task
static1
Behavioral task
behavioral1
Sample
DHL Delivery Invoice AWB#7490327845.exe
Resource
win7-20240220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: marcellinus360
Email To: [email protected]
Targets
-
Target
DHL Delivery Invoice AWB#7490327845.exe
-
Size
775KB
-
MD5
12bc629e36e7ceecfdedf345e6087085
-
SHA1
d5dd6d6ea7ffc4b64199833ae0a4c58ce2dfcf6e
-
SHA256
3dc418214907aef99792b2b826fec6b837f2b3cd0c5404efb7d5e39b672be7b5
-
SHA512
5381c26b997e2b5e932dad2aec69e30a643b5cba49c90441c2fb94cb0bd3b8f878fb17626700cde26ab0b7d8cd1b75187f90007edfe6964b78fc0fec424ec629
-
SSDEEP
12288:+v0pei36RhGUU/ZUpBPpHXiGGAWjzANEPaXnTQAm8HGSuNAWX4x74tuYmburHWp2:+cpp36+UbZFB28rjTl6NpXg4t1O
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic; this sample exfiltrates over SMTP using the credentials in the extracted configuration above.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Microsoft Defender settings, adding exclusions for file extensions, paths, and processes (the Add-MpPreference and Set-MpPreference cmdlets with their -ExclusionExtension, -ExclusionPath and -ExclusionProcess parameters). On a suspect host, Get-MpPreference lists the exclusions currently in force.
-
Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence (the sample can refuse to run in selected countries).
-
Looks up external IP address via web service
Uses a legitimate public IP lookup service to learn the infected system's external IP address, which stealers typically include in the exfiltrated report; the request is benign-looking web traffic from a process that has no business making it.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the classic last step of process hollowing: a legitimate process is started suspended, its image is replaced with the payload, and the thread's instruction pointer is redirected to the payload's entry point before ResumeThread. In memory, the hollowed process then runs code that does not match its on-disk image.
-
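Three of the behaviours listed above (the Defender exclusion via PowerShell, the external IP lookup, and the SMTP delivery to smtp.yandex.ru:587 from the extracted configuration) are visible in ordinary endpoint telemetry. The following is an added example, not part of the sandbox report: detection logic run over constructed Sysmon-style JSON-lines events (process creation, network connection and DNS query). The sample events, the allow-lists of mail clients and browsers, and the watch-list of IP-echo services are assumptions made for the example; only the hostname and port come from the report.

```python
"""Detections for behaviours in this report, run over constructed
Sysmon-style JSON-lines telemetry (EventID 1 process create, 3 network
connect, 22 DNS query). No live system is needed.

Rules:
  defender_exclusion_added   PowerShell adding Microsoft Defender exclusions
  external_ip_lookup         DNS query for a public IP-echo service
  smtp_from_non_mail_client  outbound SMTP from a process that is not a mail client
"""
from __future__ import annotations

import json
import re
from collections import defaultdict
from typing import Iterable

# Assumed allow-lists and watch-list for the example; tune to your estate.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com"}
SMTP_PORTS = {25, 465, 587}
# PowerShell accepts abbreviated parameter names, so match only the prefix.
DEFENDER_TAMPER = re.compile(
    r"\b(Add|Set)-MpPreference\b.*?-(Exclusion\w*|Disable\w*)", re.I | re.S)

# Constructed sample telemetry (not captured from the sandbox run).
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Users\\victim\\Downloads\\DHL Delivery Invoice AWB#7490327845.exe", "CommandLine": "powershell -NoProfile -Command Add-MpPreference -ExclusionExtension .exe -ExclusionPath C:\\Users\\victim\\AppData\\Roaming"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell -Command Get-MpPreference"}
{"EventID": 22, "Image": "C:\\Users\\victim\\Downloads\\DHL Delivery Invoice AWB#7490327845.exe", "QueryName": "api.ipify.org"}
{"EventID": 22, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "QueryName": "api.ipify.org"}
{"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\DHL Delivery Invoice AWB#7490327845.exe", "DestinationHostname": "smtp.yandex.ru", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationPort": 587}
"""


def image_name(path: str) -> str:
    """Basename of an image path, lower-cased, for allow-list lookups."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: dict) -> list[tuple[str, str, str]]:
    """Return (rule, attributed_process, detail) tuples for one event."""
    eid = ev.get("EventID")
    img = image_name(ev.get("Image", ""))
    hits: list[tuple[str, str, str]] = []
    if eid == 1 and img in {"powershell.exe", "pwsh.exe"}:
        cmd = ev.get("CommandLine", "")
        if DEFENDER_TAMPER.search(cmd):
            # Attribute to the parent: that is the process doing the evasion.
            hits.append(("defender_exclusion_added",
                         image_name(ev.get("ParentImage", "")), cmd))
    elif eid == 22:
        q = ev.get("QueryName", "").lower()
        if q in IP_LOOKUP_HOSTS and img not in BROWSERS:
            hits.append(("external_ip_lookup", img, q))
    elif eid == 3:
        port = int(ev.get("DestinationPort", 0))
        if port in SMTP_PORTS and img not in MAIL_CLIENTS:
            dest = f"{ev.get('DestinationHostname', '?')}:{port}"
            hits.append(("smtp_from_non_mail_client", img, dest))
    return hits


def analyze(lines: Iterable[str]) -> list[dict]:
    """Run every rule over JSON-lines telemetry and collect alerts in order."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        for rule, proc, detail in check_event(json.loads(line)):
            alerts.append({"rule": rule, "process": proc, "detail": detail})
    return alerts


def correlate(alerts: list[dict], threshold: int = 2) -> dict[str, set[str]]:
    """Group rule hits by process and report those tripping `threshold` or
    more distinct rules. Defender exclusion + IP lookup + SMTP from one
    process is the stealer pattern this report describes."""
    by_proc: dict[str, set[str]] = defaultdict(set)
    for a in alerts:
        by_proc[a["process"]].add(a["rule"])
    return {p: r for p, r in by_proc.items() if len(r) >= threshold}


if __name__ == "__main__":
    found = analyze(SAMPLE_EVENTS.splitlines())
    for a in found:
        print(f"[{a['rule']}] {a['process']}: {a['detail']}")
    for proc, rules in correlate(found).items():
        print(f"SUSPECT {proc}: {sorted(rules)}")
```

Each rule on its own is noisy (admins add Defender exclusions, and plenty of tools ask an IP-echo service for the public address), which is why the correlation step keys every hit on the originating process: the Defender change is charged to the parent that spawned PowerShell, so all three behaviours land on the dropped executable rather than on powershell.exe.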