General
- Target: DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe
- Size: 1.1MB
- Sample: 240701-l3dc7avfjb
- MD5: c519e1871f1521e167b56bad94b41114
- SHA1: bd504a951e281eb76b37de31613de084bcddeeeb
- SHA256: c89dbc33b2bed22fe68911bf6e23eb613cebc22f868290d4576822e26092798f
- SHA512: 648ca2be6af1d37408b85764e504234942c657fa0d6c2791c08fcce35186ebf1e3b76e433701fed73f6bc5586d76d1584c49542e7e79bce17f13fc713dabf79e
- SSDEEP: 24576:yAHnh+eWsN3skA4RV1Hom2KXMmHaUCmRC4Jer37G5:1h+ZkldoPK8YaU1A3g
Static task
- static1

Behavioral task
- behavioral1
- Sample: DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe
- Resource: win7-20240508-en

Behavioral task
- behavioral2
- Sample: DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe
- Resource: win10v2004-20240508-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.laboratoriosvilla.com.mx
- Port: 587
- Username: [email protected]
- Password: WZ,2pliw#L)D
- Email To: [email protected]
Targets
- Target: DHL AWB COMMERCAIL INVOICE AND TRACKING DETAILS.exe
- Size: 1.1MB
- MD5: c519e1871f1521e167b56bad94b41114
- SHA1: bd504a951e281eb76b37de31613de084bcddeeeb
- SHA256: c89dbc33b2bed22fe68911bf6e23eb613cebc22f868290d4576822e26092798f
- SHA512: 648ca2be6af1d37408b85764e504234942c657fa0d6c2791c08fcce35186ebf1e3b76e433701fed73f6bc5586d76d1584c49542e7e79bce17f13fc713dabf79e
- SSDEEP: 24576:yAHnh+eWsN3skA4RV1Hom2KXMmHaUCmRC4Jer37G5:1h+ZkldoPK8YaU1A3g
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext