General
- Target: INVOICE_(F46-13 ).exe
- Size: 1.1MB
- Sample: 201205-jlwlgmsdwe
- MD5: 19051a2ab285284f277ec3c35bf3784f
- SHA1: bf0c7dac253ef3a1229103066b6be4c5f87e4939
- SHA256: 1d35fbe1961f63fcc426c5a332d5dfc93dd051ecdfd17ea47790f80f22171ce1
- SHA512: 3f898dd4cc2640a7fdd453cc797bdc3591975336acaeecda1053e8ad47b8cbb970ad2e52bde05f548b12c36036cc87eab5cf7571d96fc74019520cecbd9dfc0b
Static task
- static1
Behavioral task
- behavioral1: Sample INVOICE_(F46-13 ).exe, Resource win7v20201028
Behavioral task
- behavioral2: Sample INVOICE_(F46-13 ).exe, Resource win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.transgear.in
- Port: 587
- Username: purchase@transgear.in
- Password: purchase@2020*
Targets
- Target: INVOICE_(F46-13 ).exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext