General
Target: DHL.exe
Size: 1.2MB
Sample: 241021-sgqvqazdkm
MD5: 38746734e4e287d65ed65578c1061643
SHA1: 054c53403bee29c2b1738ab1de2eff76f23c05c4
SHA256: 339f0ed83e05e28b1b8012a283a081fe5a925a64007ea197335d0dd9036ae438
SHA512: 249b3b757de765d753947b78e81cab918b0002a5e16a5215b4867219015c4e848e4f9ec0823da839aaf8689aa5b6b2e51a94bfdcc35d49a0d4d1c70f11702c74
SSDEEP: 24576:mPdPt1qjIRYqSSI+sQW5XHgQTR94urcGapylv7z6P89AMW:KV1QqCLQW5XHdnd7y89AMW
Static task: static1
Behavioral task: behavioral1
Sample: DHL.exe
Resource: win7-20240903-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: oadc jzrw bmvr klnl
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: oadc jzrw bmvr klnl
Email To: [email protected]
Targets
Target: DHL.exe
Size: 1.2MB
MD5: 38746734e4e287d65ed65578c1061643
SHA1: 054c53403bee29c2b1738ab1de2eff76f23c05c4
SHA256: 339f0ed83e05e28b1b8012a283a081fe5a925a64007ea197335d0dd9036ae438
SHA512: 249b3b757de765d753947b78e81cab918b0002a5e16a5215b4867219015c4e848e4f9ec0823da839aaf8689aa5b6b2e51a94bfdcc35d49a0d4d1c70f11702c74
SSDEEP: 24576:mPdPt1qjIRYqSSI+sQW5XHgQTR94urcGapylv7z6P89AMW:KV1QqCLQW5XHdnd7y89AMW
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger