General
-
Target
DHL Package Documents clearance.exe
-
Size
690KB
-
Sample
240617-sf6vjsyemm
-
MD5
06f29001ddc852a2880b8ece673ff24c
-
SHA1
f80a254ba85b9531da05c74a12a8235ef8a359a1
-
SHA256
87c68756481a2bbd821e8ac224087c5626ffdc1e05eaaeff506bb0b5148bba0b
-
SHA512
95020cd917b98919d3960090209bbd754739cc247ffd0497cbf0edd0142ab7c86d668f6617b9f47c8e375dc323508bb42d38fe2c44eca4b56524835e0b40527b
-
SSDEEP
12288:D2iNvFIsPAYDDNvkm7TuIQvQatxuJlV3D677qZAu+IPlatsXqdcW:D1DIK7DNvj7TuIQY3X3e7uZAuExdc
Static task
static1
Behavioral task
behavioral1
Sample
DHL Package Documents clearance.exe
Resource
win7-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.kxnlaos.com - Port:
587 - Username:
[email protected] - Password:
eDe~fz;Cy0{W - Email To:
[email protected]
Targets
-
-
Target
DHL Package Documents clearance.exe
-
Size
690KB
-
MD5
06f29001ddc852a2880b8ece673ff24c
-
SHA1
f80a254ba85b9531da05c74a12a8235ef8a359a1
-
SHA256
87c68756481a2bbd821e8ac224087c5626ffdc1e05eaaeff506bb0b5148bba0b
-
SHA512
95020cd917b98919d3960090209bbd754739cc247ffd0497cbf0edd0142ab7c86d668f6617b9f47c8e375dc323508bb42d38fe2c44eca4b56524835e0b40527b
-
SSDEEP
12288:D2iNvFIsPAYDDNvkm7TuIQvQatxuJlV3D677qZAu+IPlatsXqdcW:D1DIK7DNvj7TuIQY3X3e7uZAuExdc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-