General
Target: AWB DHL 6357297368.exe
Size: 401KB
Sample: 200630-tv2tnyys7a
MD5: 1221300c3d055641e3067c1699aa20e3
SHA1: 736fb0ca19750112c72dfb189b4dc0539303f45e
SHA256: addb2e3a02342b031f2313bfc910927b94904faed320fc4b52e4b8fec77d622b
SHA512: 7a4a365cc87d5d8acc68cceced203b48c2c63190e335294601e0c905fffc44ebc214aff2eb77cc352eafbb8c96fd000d9eed684746b7271560cda162ff935903
Static task: static1
Behavioral task: behavioral1
  Sample: AWB DHL 6357297368.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: AWB DHL 6357297368.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.pptoursperu.com
  Port: 587
  Username: info@pptoursperu.com
  Password: mailppt2019
Targets
Target: AWB DHL 6357297368.exe
Size: 401KB
MD5: 1221300c3d055641e3067c1699aa20e3
SHA1: 736fb0ca19750112c72dfb189b4dc0539303f45e
SHA256: addb2e3a02342b031f2313bfc910927b94904faed320fc4b52e4b8fec77d622b
SHA512: 7a4a365cc87d5d8acc68cceced203b48c2c63190e335294601e0c905fffc44ebc214aff2eb77cc352eafbb8c96fd000d9eed684746b7271560cda162ff935903
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Suspicious use of SetThreadContext