General
-
Target
DHLExpress#CBJ20061809290_Paquete_de_confirmación_de_envío.exe
-
Size
898KB
-
Sample
240618-xm3tpavbqf
-
MD5
aecbebeb9e3699db36e4175563a6ede1
-
SHA1
19b26e25816f80d1edee9da01368685e35e937b4
-
SHA256
b52b6190c2b64fc8eb7611dc6ced11294c10b2deae305322b9f09acbc9296960
-
SHA512
d2c58916d31e9ad39aa165a4fe13a7f28e3eb926955695a501272aea329e76a6cb862722e0e227e65823b7ddcc66f5093677d5f2d1ecce678cb9b8b5cb5dfb2c
-
SSDEEP
12288:xD1ae2lpBjoz1KMm/SIo6I6JT/sigbuTjbBpdCz:baoKaY/si8ubBXC
Static task
static1
Behavioral task
behavioral1
Sample
DHLExpress#CBJ20061809290_Paquete_de_confirmación_de_envío.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
DHLExpress#CBJ20061809290_Paquete_de_confirmación_de_envío.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.zoho.eu - Port:
587 - Username:
[email protected] - Password:
office12# - Email To:
[email protected]
Targets
-
-
Target
DHLExpress#CBJ20061809290_Paquete_de_confirmación_de_envío.exe
-
Size
898KB
-
MD5
aecbebeb9e3699db36e4175563a6ede1
-
SHA1
19b26e25816f80d1edee9da01368685e35e937b4
-
SHA256
b52b6190c2b64fc8eb7611dc6ced11294c10b2deae305322b9f09acbc9296960
-
SHA512
d2c58916d31e9ad39aa165a4fe13a7f28e3eb926955695a501272aea329e76a6cb862722e0e227e65823b7ddcc66f5093677d5f2d1ecce678cb9b8b5cb5dfb2c
-
SSDEEP
12288:xD1ae2lpBjoz1KMm/SIo6I6JT/sigbuTjbBpdCz:baoKaY/si8ubBXC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-