General
Target: Invoice_document06242021.exe
Size: 1.2MB
Sample: 210624-tcs8rkdqj6
MD5: 22038021ba9ff2f1b233ce4f4a1ab217
SHA1: a22086e8da15b3dd87e83573fc89da4dbd4d1fcd
SHA256: 1ec3c886cd082c50a8f309de7277c015d49233865dc746a60cbc671df523367d
SHA512: aa93db72a9a896069ccb4295069b912f421264858cb42bbc58999be70999dc5283dbf4b69cbebd32d0426c76ac7be5a5a0c49c8095d031e4e85e542d73bd915f
Static task: static1
Behavioral task: behavioral1
Sample: Invoice_document06242021.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Invoice_document06242021.exe
Resource: win10v20210408
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: elshcap@vivaldi.net
Password: uiU2mz9aspuHUM3
Targets
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-