General

  • Target

    DHLExpress#CBJ20061809290_Paquete_de_confirmación_de_envío.exe

  • Size

    898KB

  • Sample

    240618-xm3tpavbqf

  • MD5

    aecbebeb9e3699db36e4175563a6ede1

  • SHA1

    19b26e25816f80d1edee9da01368685e35e937b4

  • SHA256

    b52b6190c2b64fc8eb7611dc6ced11294c10b2deae305322b9f09acbc9296960

  • SHA512

    d2c58916d31e9ad39aa165a4fe13a7f28e3eb926955695a501272aea329e76a6cb862722e0e227e65823b7ddcc66f5093677d5f2d1ecce678cb9b8b5cb5dfb2c

  • SSDEEP

    12288:xD1ae2lpBjoz1KMm/SIo6I6JT/sigbuTjbBpdCz:baoKaY/si8ubBXC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      DHLExpress#CBJ20061809290_Paquete_de_confirmación_de_envío.exe

    • Size

      898KB

    • MD5

      aecbebeb9e3699db36e4175563a6ede1

    • SHA1

      19b26e25816f80d1edee9da01368685e35e937b4

    • SHA256

      b52b6190c2b64fc8eb7611dc6ced11294c10b2deae305322b9f09acbc9296960

    • SHA512

      d2c58916d31e9ad39aa165a4fe13a7f28e3eb926955695a501272aea329e76a6cb862722e0e227e65823b7ddcc66f5093677d5f2d1ecce678cb9b8b5cb5dfb2c

    • SSDEEP

      12288:xD1ae2lpBjoz1KMm/SIo6I6JT/sigbuTjbBpdCz:baoKaY/si8ubBXC

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks