General
-
Target
proforma invoice.zip
-
Size
403KB
-
Sample
210726-h5zwz6snm2
-
MD5
ec3d543759a227ebb168e01ff2654722
-
SHA1
dffb48e750a47642dc740fcd8f37f530e9dfe4f0
-
SHA256
08353e95d3d91e127b57b9fb6a8ebabafc39fd5d7962d4107eb1f3459262273e
-
SHA512
2c356333a1f9f9fc7212b38d96ac42aac1ff31efc2455bed1d115c089a592cac1cb1f56f95da35576bc7e60dfb62c5ebdf9e0a4e1ae65afcff4795314012f729
Static task
static1
Behavioral task
behavioral1
Sample
proforma invoice.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
proforma invoice.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.framafilms.com - Port:
587 - Username:
framafilmsint@framafilms.com - Password:
lister11
Targets
-
-
Target
proforma invoice.exe
-
Size
490KB
-
MD5
abf840926f297ae1783d26179435a7c7
-
SHA1
a987cba29f906967b5f84803b1e1594d10e09da9
-
SHA256
1de76edc36df8fc966ce695474bfdb15e937610ad67deef22ae699695e185a76
-
SHA512
26c732bb6357745705606ea0b63bf3dd5b58db5b911e66a54fbfbcc32ea94876cfc142eed9a39f629f2a005caa4a25304a0433de6defecf686aed67bfe27723f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-