General
- Target: Invoice.exe
- Size: 1.4MB
- Sample: 210416-9gtl55ldbe
- MD5: d33b39c996adec836b65b860fa033634
- SHA1: 1b9e13e746e7ea7a0c9d699ea1117eb2b29558d6
- SHA256: 89203c9d1ba98fde5ac5baad12944bc68d9a8b1a21a0bb61526daaca06d7b189
- SHA512: 0e79ed572abfe3408279ebe8d47c5fb26c6a608ef44380b23dd3dafab878671473b2091e4d7fac5ac00a1e2194ce7cbf74c86ae3bf41ff4c1641c5888b7da49e
Static task: static1
Behavioral task: behavioral1 (Sample: Invoice.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: Invoice.exe, Resource: win10v20210410)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.tejoofashions.com
- Port: 587
- Username: [email protected]
- Password: OmiCron#2019
Targets
- Target: Invoice.exe
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext