General
Target: INVOICES..exe
Size: 1.0MB
Sample: 210421-49pazze24x
MD5: 8f71df24690c4f0c8f652f19486c808c
SHA1: 522068a4258cc4d502e6e6401bbc6dbb0e1eafa7
SHA256: ab6dc10bd96deb553f6020091e37aaff85d25a729636a5be616b1bcc5b6fdb1b
SHA512: 623e4129266af806b8d450395c07d5cd0941876eebb2dd3f63cef53a8695991ec8633428f881c0422f52b10ec0d8ea890decabdf624ec6df6a93e4aae148d1f2
Static task: static1
Behavioral task: behavioral1
  Sample: INVOICES..exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: INVOICES..exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lallyautomobiles.net
Port: 587
Username: servicekrl@lallyautomobiles.net
Password: Welcome@2021
Targets
Target: INVOICES..exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext