General
-
Target
proforma invoice.exe
-
Size
490KB
-
Sample
210726-5r9tkfthy2
-
MD5
abf840926f297ae1783d26179435a7c7
-
SHA1
a987cba29f906967b5f84803b1e1594d10e09da9
-
SHA256
1de76edc36df8fc966ce695474bfdb15e937610ad67deef22ae699695e185a76
-
SHA512
26c732bb6357745705606ea0b63bf3dd5b58db5b911e66a54fbfbcc32ea94876cfc142eed9a39f629f2a005caa4a25304a0433de6defecf686aed67bfe27723f
Static task
static1
Behavioral task
behavioral1
Sample
proforma invoice.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
proforma invoice.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.framafilms.com - Port:
587 - Username:
framafilmsint@framafilms.com - Password:
lister11
Targets
-
-
Target
proforma invoice.exe
-
Size
490KB
-
MD5
abf840926f297ae1783d26179435a7c7
-
SHA1
a987cba29f906967b5f84803b1e1594d10e09da9
-
SHA256
1de76edc36df8fc966ce695474bfdb15e937610ad67deef22ae699695e185a76
-
SHA512
26c732bb6357745705606ea0b63bf3dd5b58db5b911e66a54fbfbcc32ea94876cfc142eed9a39f629f2a005caa4a25304a0433de6defecf686aed67bfe27723f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-