General

Target: DHL EXPRESS AWB 3245888693- Shipment notification.exe
Size: 761KB
Sample: 200731-w9sza36xm6
MD5: dba92db43e4ff19b5b935619c8790d43
SHA1: 024838721ec8488ee609e859c150c451e5e8deb7
SHA256: 44f1c379aadd01897d008e197ea88d004ca0013b640d3450dacab6623b16b8e1
SHA512: 43d5cb19d461287a483f89373b3fbd0cbae1e868e9acedc0e24d386de9866d873c5c82e784ba97e97b46eb299b15d9160f2eee72219cbd4519a3207c57b25475
Static task: static1
Behavioral task: behavioral1 (sample: DHL EXPRESS AWB 3245888693- Shipment notification.exe, resource: win7)
Behavioral task: behavioral2 (sample: DHL EXPRESS AWB 3245888693- Shipment notification.exe, resource: win10v200722)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.totallyanonymous.com
Port: 587
Username: myofficeworkforce@totallyanonymous.com
Password: WNap~n5E#_rD

These are the operator's SMTP submission credentials (the mailbox the stealer sends harvested data to over TCP/587), not a victim account; the host, port and sender address are the network indicators to hunt for, and the account is a candidate for abuse reporting to the mail provider.
Targets

Target: DHL EXPRESS AWB 3245888693- Shipment notification.exe
Size: 761KB
MD5: dba92db43e4ff19b5b935619c8790d43
SHA1: 024838721ec8488ee609e859c150c451e5e8deb7
SHA256: 44f1c379aadd01897d008e197ea88d004ca0013b640d3450dacab6623b16b8e1
SHA512: 43d5cb19d461287a483f89373b3fbd0cbae1e868e9acedc0e24d386de9866d873c5c82e784ba97e97b46eb299b15d9160f2eee72219cbd4519a3207c57b25475
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), written in Visual Basic .NET. It harvests credentials and keystrokes from the host and, in this sample, sends them out through the SMTP account in the extracted config.

Signatures
- AgentTesla Payload
- Adds Run key to start application (persistence: a value under a CurrentVersion\Run key so the payload relaunches at logon)
- Suspicious use of SetThreadContext (an API commonly used for process hollowing, where a suspended process's thread is redirected into injected code; the network activity may therefore come from a process other than the original executable)
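The report gives two things a defender can act on right away: the SMTP drop host/port from the extracted config, and the Run-key persistence signature. The script below is an added example, not code from the sandbox or this report, that turns both into detection logic and runs it over constructed Sysmon-style events (Event ID 13 for registry value writes, Event ID 3 for network connections). The field names follow Sysmon's JSON exports; the paths, SID, IP addresses and the mail-client allowlist (`MAIL_CLIENTS`) are assumptions for illustration.

```python
import json

# Exfiltration config as the sandbox extracted it (values from the report above).
# The password is deliberately left out: detection needs host/port/account only.
AGENTTESLA_SMTP = {
    "host": "mail.totallyanonymous.com",
    "port": 587,
    "username": "myofficeworkforce@totallyanonymous.com",
}

# Registry locations behind the "Adds Run key to start application" signature.
# The trailing backslash keeps "\Run\" from also matching "\RunOnce\".
RUN_KEY_MARKERS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
)

# Assumption: these clients legitimately use SMTP submission (TCP/587);
# any other process doing so is worth a look. Tune for your environment.
MAIL_CLIENTS = ("outlook.exe", "thunderbird.exe")


def run_key_persistence(ev):
    """Sysmon Event ID 13 (registry value set) under a Run/RunOnce key."""
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    if not any(m.lower() in target.lower() for m in RUN_KEY_MARKERS):
        return None
    return {"rule": "persistence.run_key", "image": ev.get("Image"),
            "value": target, "command": ev.get("Details")}


def smtp_exfil(ev, cfg=AGENTTESLA_SMTP):
    """Sysmon Event ID 3 (network connection) towards the extracted drop host.

    A hostname match on the configured host is a high-confidence IOC hit.
    Bare TCP/587 from a process that is not a known mail client is only a
    lead, so it is reported at low severity rather than dropped.
    """
    if ev.get("EventID") != 3 or ev.get("Protocol", "tcp").lower() != "tcp":
        return None
    host = ev.get("DestinationHostname", "").lower().rstrip(".")
    port = int(ev.get("DestinationPort", 0))
    image = ev.get("Image", "").lower()
    if host == cfg["host"]:
        severity = "high"
    elif port == cfg["port"] and not image.endswith(MAIL_CLIENTS):
        severity = "low"
    else:
        return None
    return {"rule": "exfil.smtp_submission", "severity": severity,
            "image": ev.get("Image"),
            "dest": f"{host or ev.get('DestinationIp')}:{port}"}


DETECTORS = (run_key_persistence, smtp_exfil)


def hunt(lines):
    """Run every detector over newline-delimited JSON events; return alerts in order."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        for detector in DETECTORS:
            hit = detector(ev)
            if hit is not None:
                alerts.append(hit)
    return alerts


# Constructed telemetry, not a capture from the sandbox run. Field names follow
# Sysmon's; the user path, SID and IP addresses are placeholders.
SAMPLE_PATH = r"C:\Users\victim\Downloads\DHL EXPRESS AWB 3245888693- Shipment notification.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_PATH},
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\DHL",
     "Details": r"C:\Users\victim\AppData\Roaming\DHL.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 3, "Image": SAMPLE_PATH, "Protocol": "tcp",
     "DestinationIp": "203.0.113.25", "DestinationPort": 587,
     "DestinationHostname": "mail.totallyanonymous.com"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "Protocol": "tcp", "DestinationIp": "192.0.2.10", "DestinationPort": 587,
     "DestinationHostname": "smtp.office365.com"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS)

if __name__ == "__main__":
    for alert in hunt(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

Against the constructed log this yields two alerts: the Run-key write by the sample and the connection to mail.totallyanonymous.com:587; Outlook's own submission traffic and the unrelated Explorer registry write are ignored. Because the SetThreadContext signature means the exfiltration may originate from a hollowed child process, the SMTP detector keys on destination rather than on the sample's image path.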