General
Target: CORRECT INVOICE.exe
Size: 528KB
Sample: 201126-tagkell7rs
MD5: 9968a84f926b882fe6d76e20678424ac
SHA1: 78859dc0792f58b8a0eef20ee5eb3d82db24667c
SHA256: ce2c29bbd18352557dd6fb16e294265d66d8d13e6d0586ef8030bbeb28e0cc97
SHA512: f732db1c908aab2d0bd2a0cb2fa607a3551021ef0483dac26eefaae67811fdd6a37b87082dae3871ae613c5240a72948d32cc3591894d1d2a3591aa2549ac72e
Static task: static1
Behavioral task: behavioral1 (Sample: CORRECT INVOICE.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: CORRECT INVOICE.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ailne-medical.com
Port: 587
Username: sales10@ailne-medical.com
Password: Pass@324dadvui
Targets
Target: CORRECT INVOICE.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext