General
- Target: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.bat.exe
- Size: 812KB
- Sample: 240618-xm3tpavbqe
- MD5: 9f34343bee72c4f4efd43685333c3728
- SHA1: 0b51c74cafb6af6682c2b2743621e65c75f0e585
- SHA256: ac7341ace222bc469a357f03c99f5bb261e4119f19650fd71aeae73dc0815340
- SHA512: 54cfced3dff0fb8b3373cc27261b6047c8aae2843ad60198073cf26635dc5d1a0edd1c4184cfc75614acb24411309049a338ea1242cf4f5c51a19336c7bfd650
- SSDEEP: 12288:WTlWc81HRYjrBrEbi7Jzjts8zzlC9aRMvUWRN+DAzyHJQ2SxWx/J:GlSRkrwi7J1zU9W6KDAeJQ2SW
Static task
- static1
Behavioral task
- behavioral1
  Sample: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.bat.exe
  Resource: win7-20240508-en
Behavioral task
- behavioral2
  Sample: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.bat.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
- agenttesla
  Protocol: smtp
  Host: mail.inducolma.com.co
  Port: 587
  Username: [email protected] (address redacted on the source page)
  Password: inducolma57
  Email To: [email protected] (address redacted on the source page)
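The extracted config above is the stealer's exfiltration channel: the sample logs in to mail.inducolma.com.co on port 587 as the listed mailbox and sends the harvested data as ordinary email to the "Email To" address. The Python below is an added example and not part of the sandbox report. It parses a constructed plaintext transcript of such a submission session and recovers what an analyst wants from a capture: the server banner host, the base64 AUTH LOGIN credentials, the envelope sender and recipient, and the Subject line. It also handles AUTH PLAIN, which the sandbox output does not show; that generalisation is mine. Everything in the transcript other than the hostname and the password from the config is constructed: the "S:"/"C:" line prefixes, the mailbox addresses sender@example.invalid and dropbox@example.invalid, the hostname WIN-VICTIM and the Subject format are placeholders.

```python
"""Recover Agent Tesla-style SMTP exfiltration parameters from a captured session.

Added example, not part of the sandbox report. The transcript is constructed:
host and password are the ones in the extracted config, the addresses are
placeholders because the report's addresses are redacted.
"""
import base64
import re

# Constructed plaintext transcript of a port-587 submission. "S:" = server, "C:" = client.
SESSION = """\
S: 220 mail.inducolma.com.co ESMTP ready
C: EHLO WIN-VICTIM
S: 250-mail.inducolma.com.co
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: c2VuZGVyQGV4YW1wbGUuaW52YWxpZA==
S: 334 UGFzc3dvcmQ6
C: aW5kdWNvbG1hNTc=
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<sender@example.invalid>
S: 250 OK
C: RCPT TO:<dropbox@example.invalid>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Subject: PW_victim/WIN-VICTIM
C:
C: ...
C: .
S: 250 OK queued
C: QUIT
S: 221 Bye
"""

# Same constructed credentials sent with AUTH PLAIN (one base64 blob: \0user\0pass).
SESSION_PLAIN = (
    "S: 220 mail.inducolma.com.co ESMTP ready\n"
    "C: AUTH PLAIN "
    + base64.b64encode(b"\x00sender@example.invalid\x00inducolma57").decode()
    + "\nS: 235 2.7.0 Authentication successful\n"
)


def _b64_text(token: str):
    """Decode one base64 SASL token; None when it is not valid base64/UTF-8."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def parse_session(transcript: str) -> dict:
    """Walk an SMTP transcript and pull out server host, AUTH LOGIN/PLAIN
    credentials, envelope sender/recipients and the Subject of the message."""
    found = {"host": None, "username": None, "password": None,
             "mail_from": None, "rcpt_to": [], "subject": None}
    expect = None  # AUTH LOGIN prompt the server just sent: "username" or "password"
    for line in transcript.splitlines():
        who, _, text = line.partition(":")
        text = text.strip()
        if who == "S":
            m = re.match(r"220 (\S+)", text)
            if m:
                found["host"] = m.group(1)
            elif text.startswith("334 "):  # server challenge, base64 "Username:"/"Password:"
                prompt = base64.b64decode(text[4:]).decode("utf-8", "replace")
                expect = "username" if prompt.lower().startswith("username") else "password"
            continue
        if who != "C":
            continue
        if expect:  # client's reply to the last AUTH LOGIN challenge
            found[expect] = _b64_text(text)
            expect = None
            continue
        upper = text.upper()
        if upper.startswith("AUTH PLAIN "):
            blob = base64.b64decode(text.split(None, 2)[2], validate=True)
            _authzid, user, pw = blob.split(b"\x00", 2)
            found["username"], found["password"] = user.decode(), pw.decode()
        elif upper.startswith("MAIL FROM:"):
            found["mail_from"] = text.split(":", 1)[1].strip().strip("<>")
        elif upper.startswith("RCPT TO:"):
            found["rcpt_to"].append(text.split(":", 1)[1].strip().strip("<>"))
        elif upper.startswith("SUBJECT:"):
            found["subject"] = text.split(":", 1)[1].strip()
    return found


def matches_config(found: dict, host: str, password: str) -> bool:
    """True when the session's server and password agree with the sandbox config,
    i.e. the captured traffic is this sample's exfil channel."""
    return found["host"] == host and found["password"] == password


if __name__ == "__main__":
    for name, tx in (("AUTH LOGIN", SESSION), ("AUTH PLAIN", SESSION_PLAIN)):
        r = parse_session(tx)
        print(name, r, "matches config:", matches_config(r, "mail.inducolma.com.co", "inducolma57"))
```

Caveat for real captures: Agent Tesla builds use .NET's SmtpClient, and on port 587 with TLS enabled the client issues STARTTLS right after EHLO, so only the banner, EHLO and STARTTLS lines are visible on the wire; the credentials then come from the sandbox's config extraction, as in this report, not from the packet capture. Either way the host, port, mailbox and "Email To" address are the IOCs to block and to report to the mail provider.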
Targets
- Target: DHL_INVOICE_DOCUMENT_73835665756_6884983743_PDF.bat.exe
  Size: 812KB; MD5, SHA1, SHA256, SHA512 and SSDEEP are the same as listed under General above (same file).
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard capture, browser and mail-client credential theft). It exfiltrates over SMTP, FTP or HTTP; the config extracted from this sample uses SMTP, so stolen data leaves the host as email sent with the credentials listed above.
- Command and Scripting Interpreter: PowerShell (ATT&CK T1059.001)
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes (Impair Defenses: Disable or Modify Tools, T1562.001) so the dropped payload and its staging directory are never scanned. On an endpoint this shows up as Add-MpPreference/Set-MpPreference in PowerShell script block logging (Microsoft-Windows-PowerShell/Operational event 4104) and as a Windows Defender configuration-change event (Microsoft-Windows-Windows Defender/Operational event 5007) naming the Exclusions registry key that was written.
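A detection for the behaviour in this signature, added here as an example and not taken from the report or the sandbox's own rules. It scans constructed Windows events of two kinds, PowerShell 4104 script blocks and Defender 5007 configuration-change messages, flags Add-/Set-MpPreference calls that add exclusions or flip -Disable* switches, and reports exclusion values confirmed by both sources (the 5007 event fires even when script block logging is off). The event IDs are real; the message text, paths and the process name DHL_INVOICE.exe are constructed placeholders.

```python
"""Hunt for Defender exclusion/disable changes in PowerShell and Defender logs.

Added example, not part of the sandbox report. Inputs are constructed to the
shape of PowerShell Operational 4104 (ScriptBlockText) and Windows Defender
Operational 5007 (configuration changed; the message names the registry key
under ...\\Windows Defender\\Exclusions\\ that was written).
"""
import re

# Constructed events as (event_id, message). Paths and names are placeholders.
EVENTS = [
    (4104, "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' "
           "-ExclusionExtension exe -ExclusionProcess 'DHL_INVOICE.exe'"),
    (4104, "Set-MpPreference -DisableRealtimeMonitoring $true -DisableIOAVProtection $true"),
    (4104, "Get-ChildItem C:\\Temp | Measure-Object"),  # benign noise, must not fire
    (4104, "powershell -w hidden -c Add-MpPreference -ExclusionPath $env:APPDATA"),
    (5007, "Windows Defender Antivirus Configuration has changed. "
           "Old value: \n New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender"
           "\\Exclusions\\Paths\\C:\\Users\\Public = 0x0"),
]

MP_CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.I)
# value may be single-quoted, double-quoted or a bare token such as $env:APPDATA
EXCLUSION = re.compile(
    r"-Exclusion(Path|Extension|Process|IpAddress)\s+('[^']*'|\"[^\"]*\"|\S+)", re.I)
DISABLE = re.compile(r"-(Disable\w+)\s+\$?true\b", re.I)
REG_EXCLUSION = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x0", re.I)
REG_KIND = {"paths": "path", "extensions": "extension", "processes": "process"}


def scan_script_block(text):
    """Findings for one 4104 ScriptBlockText as (category, kind, value) tuples."""
    if not MP_CMDLET.search(text):
        return []
    out = [("exclusion", kind.lower(), val.strip("'\"")) for kind, val in EXCLUSION.findall(text)]
    out += [("disable", name.lower(), "true") for name in DISABLE.findall(text)]
    return out


def scan_defender_change(text):
    """Findings for one 5007 message: the exclusion that landed in the registry."""
    m = REG_EXCLUSION.search(text)
    if not m:
        return []
    return [("exclusion", REG_KIND[m.group(1).lower()], m.group(2))]


def hunt(events):
    """Run both scanners. Returns (findings, confirmed): findings are
    (event_id, category, kind, value); confirmed is the set of exclusion values
    seen in BOTH the script block log and the Defender change log."""
    findings = []
    for event_id, text in events:
        scanner = scan_script_block if event_id == 4104 else scan_defender_change
        findings += [(event_id, *f) for f in scanner(text)]
    from_ps = {v for eid, cat, _, v in findings if eid == 4104 and cat == "exclusion"}
    from_def = {v for eid, cat, _, v in findings if eid == 5007 and cat == "exclusion"}
    return findings, from_ps & from_def


if __name__ == "__main__":
    found, confirmed = hunt(EVENTS)
    for f in found:
        print(f)
    print("confirmed in registry:", confirmed)
```

Anything this returns from a non-admin workstation is worth an alert on its own; on servers, compare the confirmed set against the change-management record, since a legitimate exclusion will have a ticket and a malware-added one will not.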
- Suspicious use of SetThreadContext
  SetThreadContext on a thread that belongs to another process, after that process was created suspended and written to with WriteProcessMemory, is the hallmark of process hollowing (RunPE): the loader replaces the image of a legitimate child with the payload, points the main thread at the new entry point and resumes it, so the stealer runs under the child's name. The API also has benign uses (debuggers, exception handling in the calling process), which is why the signature is about the sequence and the cross-process target, not the single call.
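The sequence the signature above refers to, written out as a detector over an API-call trace. This is an added example, not the sandbox's rule and not the sample's actual trace: the trace is constructed in the shape of a sandbox API log, (caller PID, API, arguments), with the placeholder target C:\hypothetical\host.exe, and it assumes the log has already resolved process and thread handles to the PID they refer to, which is how most sandboxes render their output. It alerts only when a caller creates a suspended child, writes into it, sets a thread context on it and then resumes it; a suspended child that is merely resumed (installer or debugger style) does not fire.

```python
"""Flag the process-hollowing API sequence in an API-call trace.

Added example, not part of the sandbox report. The trace is constructed as
(caller_pid, api, args); hProcess/hThread/ProcessHandle are assumed to have
been resolved to the target PID by the logger.
"""
CREATE_SUSPENDED = 0x00000004      # dwCreationFlags bit
PAGE_EXECUTE_READWRITE = 0x40      # flProtect value

# Constructed trace: PID 1001 hollows its suspended child 2044; PID 1003 creates
# a suspended child and simply resumes it, which must not alert.
TRACE = [
    (1001, "CreateProcessW", {"lpApplicationName": "C:\\hypothetical\\host.exe",
                              "dwCreationFlags": CREATE_SUSPENDED, "dwProcessId": 2044}),
    (1001, "NtUnmapViewOfSection", {"ProcessHandle": 2044}),
    (1001, "VirtualAllocEx", {"hProcess": 2044, "flProtect": PAGE_EXECUTE_READWRITE}),
    (1001, "WriteProcessMemory", {"hProcess": 2044}),   # headers
    (1001, "WriteProcessMemory", {"hProcess": 2044}),   # sections
    (1001, "SetThreadContext", {"hThread": 2044}),      # main thread of 2044
    (1001, "ResumeThread", {"hThread": 2044}),
    (1003, "CreateProcessW", {"lpApplicationName": "C:\\hypothetical\\setup.exe",
                              "dwCreationFlags": CREATE_SUSPENDED, "dwProcessId": 3001}),
    (1003, "ResumeThread", {"hThread": 3001}),
]


def detect_hollowing(trace):
    """Return {child_pid: stages} for each child that its parent created suspended,
    wrote into, gave a new thread context and then resumed. NtUnmapViewOfSection and
    an RWX allocation are recorded when seen but not required: loaders that only
    overwrite the entry point skip them."""
    stages = {}   # (parent, child) -> stage names in the order observed
    alerts = {}
    for caller, api, args in trace:
        if api.startswith("CreateProcess"):
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                stages[(caller, args["dwProcessId"])] = ["create_suspended"]
            continue
        target = args.get("hProcess") or args.get("ProcessHandle") or args.get("hThread")
        seen = stages.get((caller, target))
        if seen is None:
            continue      # not a suspended child of this caller (covers self-targeted calls)
        if api == "NtUnmapViewOfSection":
            seen.append("unmap")
        elif api == "VirtualAllocEx" and args.get("flProtect") == PAGE_EXECUTE_READWRITE:
            seen.append("alloc_rwx")
        elif api == "WriteProcessMemory" and "write" not in seen:
            seen.append("write")
        elif api == "SetThreadContext" and "write" in seen:
            seen.append("set_context")
        elif api == "ResumeThread" and "set_context" in seen:
            seen.append("resume")
            alerts[target] = list(seen)
    return alerts


if __name__ == "__main__":
    for child, seen in detect_hollowing(TRACE).items():
        print(f"process hollowing of PID {child}: {' -> '.join(seen)}")
```

When triaging a hit, the child named in CreateProcess is where to look for the real payload: dump its memory rather than the on-disk dropper, since the image on disk is the legitimate host and the Agent Tesla module only exists in that process's memory.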