General
Target: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.exe
Size: 649KB
Sample: 240618-lkxzwasamq
MD5: 9ffcde5e6757f275fa89ab8b6ef21973
SHA1: c123e670657557f70750cad0a5578bb3f57c8faf
SHA256: 3c88b5ac63f89243c575e59386e2fd924bd97eb80ffe1c2d7532059fc15566dd
SHA512: 2ce38cc951afb45feceb7088e2f204df59f76b245d12a4dcb901a0ca473dfaa5ef3bbe37e326b9ed8300d8307d046107203706ef9607771dcf14b9e8d77fbc17
SSDEEP: 12288:PFIsPAi3LmOKGB97zHBZOaken9S1Uduo14HMQkQbnGvbxp0A7+aq:tIKdaOKmfOjS9M+ucMyLv0
Static task: static1
Behavioral task: behavioral1
Sample: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.exe
Resource: win7-20240419-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.inducolma.com.co
Port: 587
Username: [email protected]
Password: inducolma57
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.inducolma.com.co
Port: 587
Username: [email protected]
Password: inducolma57
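The SMTP exfiltration endpoint above is the network indicator a hunter would pivot on. The following Python is added here as a worked example and is not code from the sandbox report: it correlates constructed Zeek-style dns.log and conn.log records so that sessions to whatever address the exfil host resolved to are scored high, and any other submission-port SMTP to a server outside the organisation's own relays is scored medium. The log lines, the RFC 5737 addresses and the mail_allowlist of internal relays are all made up for the example; the Username and Email To values are redacted on the page, so only host and port are used.

```python
import ipaddress

# Exfiltration endpoint from the sandbox-extracted AgentTesla config above.
# The account name and recipient are redacted on the page, so only the
# server and port are usable as network indicators.
EXFIL_HOST = "mail.inducolma.com.co"
EXFIL_PORT = 587
EXFIL_SERVICE = "smtp"

# Constructed dns.log / conn.log records in a Zeek-like tab-separated layout,
# trimmed to the fields the hunt needs. The addresses are RFC 5737
# documentation ranges invented for this example, not the real resolution
# of the host.
# dns.log:  ts  uid  client  query  answers
DNS_LOG = """\
1718700000.100\tDk1\t10.0.0.15\tmail.inducolma.com.co\t198.51.100.23,198.51.100.24
1718700000.200\tDk2\t10.0.0.15\tupdate.example.net\tcdn.example.net,203.0.113.9
"""
# conn.log: ts  uid  orig_h  orig_p  resp_h  resp_p  proto  service
CONN_LOG = """\
1718700001.000\tC1a2b3\t10.0.0.15\t49812\t198.51.100.23\t587\ttcp\tsmtp
1718700002.000\tC1a2b4\t10.0.0.15\t49813\t203.0.113.9\t443\ttcp\tssl
1718700003.000\tC1a2b5\t10.0.0.22\t50001\t192.0.2.77\t587\ttcp\tsmtp
1718700004.000\tC1a2b6\t10.0.0.15\t49814\t198.51.100.24\t587\ttcp\t-
1718700005.000\tC1a2b7\t10.0.0.30\t50100\t10.0.0.5\t587\ttcp\tsmtp
"""


def _records(log_text):
    """Yield the tab-separated fields of each non-empty, non-comment line."""
    for line in log_text.splitlines():
        if line and not line.startswith("#"):
            yield line.split("\t")


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def resolved_addresses(dns_log, hostname):
    """Addresses that logged DNS answers mapped `hostname` to. CNAME answers
    are skipped, so the host is matched on the query name only."""
    wanted = hostname.lower().rstrip(".")
    ips = set()
    for _ts, _uid, _client, query, answers in _records(dns_log):
        if query.lower().rstrip(".") == wanted:
            ips.update(a for a in answers.split(",") if _is_ip(a))
    return ips


def hunt(conn_log, dns_log, mail_allowlist=frozenset()):
    """Flag outbound TCP/587 sessions: high confidence when the peer is an
    address the exfil host resolved to, medium for submission-port SMTP to
    any server that is not one of the organisation's own relays."""
    exfil_ips = resolved_addresses(dns_log, EXFIL_HOST)
    findings = []
    for _ts, uid, orig_h, _orig_p, resp_h, resp_p, proto, service in _records(conn_log):
        if proto != "tcp" or int(resp_p) != EXFIL_PORT or resp_h in mail_allowlist:
            continue
        if resp_h in exfil_ips:
            confidence, reason = "high", f"peer resolved from {EXFIL_HOST}"
        elif service == EXFIL_SERVICE:
            confidence, reason = "medium", "SMTP submission to a non-allowlisted server"
        else:
            continue
        findings.append({"uid": uid, "src": orig_h, "dst": f"{resp_h}:{resp_p}",
                         "confidence": confidence, "reason": reason})
    return findings


if __name__ == "__main__":
    # 10.0.0.5 stands in for the company's own SMTP relay (constructed).
    for finding in hunt(CONN_LOG, DNS_LOG, mail_allowlist={"10.0.0.5"}):
        print(finding)
```

Two caveats when using this against real traffic: port 587 submission normally negotiates STARTTLS, so the AUTH exchange and the stolen data are encrypted on the wire and the credential in the config will not be observable there (the sandbox recovered it from the running sample, not from the network), and the mailbox is most likely a compromised third-party account, the usual AgentTesla pattern, so the destination server rather than the account is the durable indicator.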
Targets
Target: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.exe
Size: 649KB
MD5: 9ffcde5e6757f275fa89ab8b6ef21973
SHA1: c123e670657557f70750cad0a5578bb3f57c8faf
SHA256: 3c88b5ac63f89243c575e59386e2fd924bd97eb80ffe1c2d7532059fc15566dd
SHA512: 2ce38cc951afb45feceb7088e2f204df59f76b245d12a4dcb901a0ca473dfaa5ef3bbe37e326b9ed8300d8307d046107203706ef9607771dcf14b9e8d77fbc17
SSDEEP: 12288:PFIsPAi3LmOKGB97zHBZOaken9S1Uduo14HMQkQbnGvbxp0A7+aq:tIKdaOKmfOjS9M+ucMyLv0
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer: it harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP; this sample uses SMTP to the mail server in the extracted config above.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (typically via Add-MpPreference or Set-MpPreference) so that the dropped payload and its working directory are not scanned.
-
Checks computer location settings
Looks up the country code configured in the registry (the user's GeoID stored under Control Panel\International\Geo), likely a geofence; the report does not record which regions the check acts on.
-
Suspicious use of SetThreadContext
Rewriting the context of a thread in another process is the hallmark of process hollowing (RunPE): the loader starts a process suspended, writes the unpacked payload into it, redirects the thread's entry point with SetThreadContext and resumes it, so the payload runs under a benign-looking image. The report does not name the hollowed process.
-
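Of the signatures above, the Defender-exclusion behaviour is the one most worth turning into a detection, because it is a deliberate defence-evasion step that legitimate software almost never performs from a PowerShell one-liner. The Python below is an added example rather than code from the report: it scans process command lines (as logged by Sysmon Event ID 1, or the script text from PowerShell Event ID 4104) for Add-MpPreference/Set-MpPreference exclusion parameters and handles two evasions that a naive string match misses, PowerShell's acceptance of any unambiguous parameter prefix (-ExclusionPa means -ExclusionPath) and -EncodedCommand wrappers (base64 of UTF-16LE text). The sample command lines are constructed for the example and are not the commands this sample ran.

```python
import base64
import re

# Cmdlets that change Defender preferences and the exclusion parameters the
# sandbox signature refers to (file extensions, paths, processes).
MP_CMDLETS = ("add-mppreference", "set-mppreference")
EXCLUSION_PARAMS = ("exclusionpath", "exclusionextension", "exclusionprocess")

# -Param followed by an optional "quoted", 'quoted' or bare value.
_PARAM_RE = re.compile(r"""-([A-Za-z]+)\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+))?""")


def resolve_param(token, candidates=EXCLUSION_PARAMS):
    """PowerShell accepts any unambiguous prefix of a parameter name, so
    -ExclusionPa is -ExclusionPath. An ambiguous prefix such as -ExclusionP
    is an error in PowerShell and resolves to None here; a token that is
    not an exclusion parameter at all also returns None."""
    tok = token.lower()
    hits = [c for c in candidates if c.startswith(tok)]
    return hits[0] if len(hits) == 1 else None


def decode_encoded_command(cmdline):
    """Return the script carried by -EncodedCommand (or any prefix of it the
    host accepts, e.g. -e, -ec, -enc): base64 of UTF-16LE text. '' if none
    is present or it does not decode."""
    for m in re.finditer(r"(?:^|\s)-([A-Za-z]+)\s+([A-Za-z0-9+/=]+)", cmdline):
        if "encodedcommand".startswith(m.group(1).lower()):
            try:
                return base64.b64decode(m.group(2)).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return ""
    return ""


def exclusion_changes(cmdline):
    """(cmdlet, parameter, value) for every Defender exclusion the command
    line adds, looking both at the visible text and inside any encoded
    command it carries."""
    text = cmdline + "\n" + decode_encoded_command(cmdline)
    # Split on each cmdlet so only parameters that follow it are inspected
    # (avoids matching powershell.exe's own switches such as -ep or -w).
    parts = re.split(r"((?:add|set)-mppreference)", text, flags=re.IGNORECASE)
    findings = []
    for cmdlet, rest in zip(parts[1::2], parts[2::2]):
        for m in _PARAM_RE.finditer(rest):
            param = resolve_param(m.group(1))
            if param:
                value = next((g for g in m.groups()[1:] if g is not None), "")
                findings.append((cmdlet.lower(), param, value))
    return findings


# Constructed sample command lines (not the sample's real commands).
ENCODED_SCRIPT = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 'regasm.exe'".encode("utf-16le")).decode()
SAMPLE_CMDLINES = [
    r'powershell.exe Add-MpPreference -ExclusionPath "C:\Users\victim\AppData\Roaming" '
    r'-ExclusionExtension "exe" -ExclusionProcess "svchost.exe"',
    r'''powershell -w hidden -ep bypass -c "Set-MpPreference -exclusionpa 'C:\ProgramData\x'"''',
    "powershell.exe -nop -enc " + ENCODED_SCRIPT,
    "powershell Get-MpPreference",
]


def scan(cmdlines):
    """Map each offending command line to the exclusions it adds."""
    return {c: f for c in cmdlines if (f := exclusion_changes(c))}


if __name__ == "__main__":
    for cmd, found in scan(SAMPLE_CMDLINES).items():
        print(cmd[:60], "->", found)
```

On a host you suspect was hit, the same tampering can be confirmed after the fact with `Get-MpPreference | Select-Object ExclusionPath, ExclusionExtension, ExclusionProcess`, and the exclusion list is worth checking for the sample's drop directory before trusting any subsequent Defender scan of the machine.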