General
Target: PROFORMA INVOICE.gz
Size: 436KB
Sample: 210226-t88grf7w8n
MD5: d026f19fccd18f95ed9d456f98129218
SHA1: 37deff28e2b4607e5740805fd17aa3d33f578ace
SHA256: 4bbf9ed702b29b21bf873a4c492534217b3a3e1db434293973665a6981c646ac
SHA512: b3d3cfdf691e54df1770d4e3de31b3795e41e72e47e6361959546dfae48ec2fa63fac4895e914d769a58f691867a69dc4b5577ee16a4aa60c50e9f4458b05366
Static task: static1
Behavioral task: behavioral1
  Sample: PROFORMA INVOICE.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: PROFORMA INVOICE.exe
  Resource: win10v20201028
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.hybridgroupco.com
Port: 587
Username: [email protected]
Password: Obinna123@@@
Targets
Target: PROFORMA INVOICE.exe
Size: 774KB
MD5: b58d742577f386edbf58075fff9ffacc
SHA1: a2b677224dc4fd241018dc05d0bf788df090cf01
SHA256: ed5aeb58bb7327270d75e75505bc2322bb62e5764b4245dba88d5a91c40ebe8b
SHA512: 19dfc707c7dc31ba73cf20b3f986ed956d076b88781ca50b7e5409d877788bddfcdc14a9a7dc7ed12baa407a62d72f9622c8740d7e4d8f5b9a5244f09d7d28d4
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext