General

Target: Dhl_waybill#.exe
Size: 735KB
Sample: 240612-hd2spsshqe
MD5: c07a5aae78c4449dd4164943d5650bf7
SHA1: 33ae22edec0b49a4735061d52b1730d1447fb420
SHA256: af6694d1a51a60d7bf11ca63a9af3e749c122490ab8f620921b73f89eb1d9123
SHA512: 6cf227539b64ccc37d99bf36982bc96087be17996b0892d31f6392a98859951c2754ef3dcee9f72efa77d1c4347cc06115f700a4cfad38648dbc4332aec57423
SSDEEP: 12288:t7dXtfETH6ViiCLEdd1fS+PDoKX85hTLRAy9amFdJ0kENV:pd92H6Vlj1fS+Unxf70j
Static task: static1
Behavioral task: behavioral1
Sample: Dhl_waybill#.exe
Resource: win7-20231129-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: BWP$AeV1
Email To: [email protected]
Targets

Target: Dhl_waybill#.exe
Size: 735KB
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Suspicious use of SetThreadContext