General
Target: DHL Details.exe
Size: 1.2MB
Sample: 210122-d1rr62ljhn
MD5: e0ebf5297cd0ef368872846be220cb17
SHA1: cec0bfec250fe5f031e90ff5aaf5b15c6216f222
SHA256: 5cd5db1f2bc06d7827e42e7e81a180b0abb3a937cd106ed0e3e2813833d3469b
SHA512: 28925c284fc98432ca99da64d1048fb596f3d8fb7c00006d06d7646b471bd4900476cc11337b63bf9d2fc1c9f2c2adf2a7532dba2cf546fea8c9183474b1bee3
Static task: static1
Behavioral task: behavioral1
  Sample: DHL Details.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: DHL Details.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: server126.web-hosting.com
  Port: 587
  Username: milli@emremetal.xyz
  Password: TB@h;x2zl*5c
Targets
Target: DHL Details.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext