General
Target: proforma invoice.exe
Size: 453KB
Sample: 201109-drm2advq82
MD5: 04dfee364770b42beae6cd931bdff099
SHA1: 30d15b8fa934d84cf8652e1d80b60a263e02c29e
SHA256: 012edf2acec37175b25f3f4be8044f10a0113ce517d6240e4ac1536c9c45cbe8
SHA512: aa3322534e3d483a45c9e3153cb45df6189628d69f9e26c2761fefb576ca9023dc0bfad6eeab3e02ecb06a740cee075f896ebff2351f216e80cef0497cfee714
Static task: static1
Behavioral task: behavioral1
Sample: proforma invoice.exe
Resource: win7v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: m4rkusyoung@yandex.com
Password: 123@Ossymbo
Targets
Target: proforma invoice.exe (size and hashes as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext