General
Target: Invoice,.zip
Size: 677KB
Sample: 210420-cllnj8gc92
MD5: 96d26966d0f3c9d1d6bb1159c208afd3
SHA1: eefd233390ad0bc1b4d9395cf87e1413e04fca13
SHA256: 14f0d7dbc3dae41faac948675df206662c7ae481098064951b6fe134bff265dc
SHA512: 9042fe3cf8021e63ae908ec1537470a64d3e6ee990ff627ce3d317e6da334fa4fae436fe06a41aa3553397219a00b2f48a2755cad66c599e40e4101d0c270b65
Static task: static1
Behavioral task: behavioral1
Sample: Invoice,.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Invoice,.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: [email protected]
Password: Welcome@2021
Targets
Target: Invoice,.exe
Size: 983KB
MD5: e6fccd33c9b592039b1b9e68c75c40ed
SHA1: dfa11bca779649b45aade346a9115dbae8205274
SHA256: 16371a4c00dcbafa63e93f577306b41caa10d8a567678a7bb3ed54ae1b4cd993
SHA512: 281d5a763fa808ae1a14d8017190a6b734fc825df92d0d23b2c200e833e59bde48f685da1c4c27d7224ac334e836d1746f3c7c3b9166de5d1bc3e3ddd483271d
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext