General
Target: INVOICE34_56730015.exe
Size: 801KB
Sample: 210511-ekbb5evfxe
MD5: ad623a158d7f37f547dee2ba01646c0d
SHA1: 3d55829677ffb85e1be6feded9bec255163fe250
SHA256: 3e144aa347f286c75f9ffe827f6239652065f468794bf567e47d87e29c3ea53b
SHA512: 756d907400810a392d43a7a87a44a7331383463f6a0b6b4608f83542736436d9665b5e3d6e2fffebd532aa43680d339baa344d60d7274dd26ef2f3f64f4dba9c
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE34_56730015.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: INVOICE34_56730015.exe
Resource: win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.dadabhoy.edu.pk
Port: 587
Username: ghulam.sarwar@dadabhoy.edu.pk
Password: Dadabhoy.456
Targets
Target: INVOICE34_56730015.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext