General
Target: invoice.exe
Size: 903KB
Sample: 210511-p8q396mm1n
MD5: 8eb7c6ab99d209a1f57014f438e17581
SHA1: e22da9380a096eccd01d91d0e9630d21a92f9c62
SHA256: 11651b354e8f6611ab8aa9fc86ec94bfd0112cdfe8ebb4bbb2d8a6119a003ec5
SHA512: bb95b6453c60b54970d8d6b8280f8764e8c504f697f07577531c0589718e270bb8fd4aeca86965a474883ad4360c9d2c96f645c6bec2f815ac6c676fae91e3f0
Static task: static1
Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: invoice.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rakub.org.bd
Port: 587
Username: zmlalmonirhat@rakub.org.bd
Password: zlal159357
Targets
Target: invoice.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext