General
Target: invo5514155.pdf.gz
Size: 546KB
Sample: 210727-22xejbmcz6
MD5: 4a6340eeab6b7c8b6d9fd08db4c3ebc0
SHA1: 52d1962f0a99aca2ee1bac502f170d38569ca5f0
SHA256: eea242ea0738fd80692f38a8dc59faf17555d717d110d04b32d542c4ed9fb9a8
SHA512: 1abcc9842a1cccaa65e1db117f435587e65ae2f7ad8d10b81f7262a0cdacda05901e31717fd4171622f4317e2d448aa8fddb7cae8ffb43ca4b2cb920e3711149
Static task: static1
Behavioral task: behavioral1
  Sample: invo5514155.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: invo5514155.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.simpleitalian.com.au
Port: 587
Username: bookings@simpleitalian.com.au
Password: SIpassword101$
These are the credentials the sample uses to send stolen data out over SMTP (submission port 587), not credentials belonging to the victim. AgentTesla operators commonly use hijacked legitimate mailboxes for this, so the mailbox owner is likely a victim as well; report the abuse to the mail provider rather than only blocking the host.
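The extracted SMTP config is directly usable as detection content. The following added example (not part of the sandbox report) turns the host, port and username above into matchers and runs them over a few constructed egress log lines, distinguishing a connection on the configured port from the same host on another port, and deliberately leaving the password out of the IOC set since it is never observable on the wire. The log format and host names other than the config values are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# SMTP exfiltration config as extracted in the report above (same values,
# reproduced as a dict so it can be used as detection input). The password is
# intentionally left out: it is not observable on the wire and has no place
# in detection content.
AGENTTESLA_SMTP = {
    "host": "mail.simpleitalian.com.au",
    "port": 587,
    "username": "bookings@simpleitalian.com.au",
}

# Constructed egress log lines (syslog-style firewall and SMTP proxy events);
# not from the sandbox report. Internal addresses are made up.
SAMPLE_LOGS = [
    "2021-07-27T22:10:01Z fw01 conn src=10.0.0.14 dst=mail.simpleitalian.com.au dport=587 proto=tcp",
    "2021-07-27T22:10:03Z smtpproxy AUTH LOGIN user=bookings@simpleitalian.com.au from=10.0.0.14",
    "2021-07-27T22:11:40Z fw01 conn src=10.0.0.22 dst=smtp.office365.com dport=587 proto=tcp",
    "2021-07-27T22:12:10Z fw01 conn src=10.0.0.14 dst=mail.simpleitalian.com.au dport=993 proto=tcp",
]

CONN_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")
AUTH_RE = re.compile(r"user=(?P<user>\S+)(?:\s+from=(?P<src>\S+))?")


@dataclass
class Hit:
    line: str
    reason: str
    confidence: str
    src: Optional[str]


def scan_logs(lines: List[str], cfg: dict) -> List[Hit]:
    """Flag traffic matching the extracted config.

    host+port from the config is high confidence; the same host on another
    port is still worth a look (operators reuse the mailbox over other
    services), so it is reported at medium confidence rather than dropped.
    """
    host = cfg["host"].lower()
    port = int(cfg["port"])
    user = cfg["username"].lower()
    hits: List[Hit] = []
    for line in lines:
        m = CONN_RE.search(line)
        if m and m["dst"].lower() == host:
            if int(m["dport"]) == port:
                hits.append(Hit(line, "connection to AgentTesla exfil host on config port", "high", m["src"]))
            else:
                hits.append(Hit(line, "connection to AgentTesla exfil host on other port", "medium", m["src"]))
            continue
        m = AUTH_RE.search(line)
        if m and m["user"].lower() == user:
            hits.append(Hit(line, "authentication with AgentTesla exfil mailbox", "high", m["src"]))
    return hits


def infected_hosts(hits: List[Hit], min_confidence: str = "high") -> List[str]:
    """Internal sources to isolate; 'medium' includes the other-port hits too."""
    allowed = {"high"} if min_confidence == "high" else {"high", "medium"}
    return sorted({h.src for h in hits if h.src and h.confidence in allowed})


if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS, AGENTTESLA_SMTP):
        print(f"[{h.confidence}] {h.reason}: {h.line}")
    print("isolate:", infected_hosts(scan_logs(SAMPLE_LOGS, AGENTTESLA_SMTP)))
```

The username match is the higher-value signal in practice: the exfil host is a shared mail server that legitimate clients may also reach, while an internal host authenticating as the operator's mailbox is unambiguous.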
Targets
Target: invo5514155.exe
Size: 687KB
MD5: fc0b0215e0ec8169fcd6556e236302c1
SHA1: e7b965067c6b7be5e24ad284562a9bac91e591e3
SHA256: 4012c4289aa953f24fdc7e1e257f2d9b04f835a8d6bd1b8eb919271c46a7db62
SHA512: 7359ba0dd283d5e9976d2604a87e8a48339e8d2f5433bd2488a2745c6443da672fe9889805b22f6044e2469333ef58b65d37d5f73eae3ab06b76d12704f5c0bd
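Before acting on this report, confirm that the artifact in hand is the one it describes: the outer .pdf.gz should match the digests in the General section, and its single decompressed member should match the .exe digests above. The following added script (not part of the report) does that comparison and also classifies the decompressed payload by magic bytes, since the "invoice .pdf" name is the lure, not evidence of the file type. The constructed payload used in the test is made up; the report's SHA256 values are copied in as the expected input.

```python
import gzip
import hashlib
import sys
from typing import Dict

# Digests as listed in this report (page values, used here as expected input).
REPORT_OUTER = {
    "sha256": "eea242ea0738fd80692f38a8dc59faf17555d717d110d04b32d542c4ed9fb9a8",
}
REPORT_INNER = {
    "sha256": "4012c4289aa953f24fdc7e1e257f2d9b04f835a8d6bd1b8eb919271c46a7db62",
}


def hashes_of(data: bytes) -> Dict[str, str]:
    """The four digests the report publishes, computed over the same bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def sniff_type(data: bytes) -> str:
    """Classify by magic bytes; the lure's file name is not evidence."""
    if data.startswith(b"MZ"):
        return "pe"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"\x1f\x8b"):
        return "gzip"
    return "unknown"


def pack_sample(inner: bytes) -> bytes:
    """Deterministic gzip wrapper, used only to build constructed test input."""
    return gzip.compress(inner, mtime=0)


def verify_nested(gz_bytes: bytes, expected_outer: Dict[str, str],
                  expected_inner: Dict[str, str]) -> Dict[str, object]:
    """Compare archive and decompressed member against expected digests.

    Only the algorithms present in each expected dict are compared, so a
    report that lists a subset of hashes still verifies; an empty dict
    means "no expectation" for that layer.
    """
    if sniff_type(gz_bytes) != "gzip":
        return {"outer_ok": False, "inner_ok": False, "inner_type": "n/a", "inner_size": 0}
    outer = hashes_of(gz_bytes)
    inner_bytes = gzip.decompress(gz_bytes)
    inner = hashes_of(inner_bytes)
    return {
        "outer_ok": all(outer.get(a) == v.lower() for a, v in expected_outer.items()),
        "inner_ok": all(inner.get(a) == v.lower() for a, v in expected_inner.items()),
        "inner_type": sniff_type(inner_bytes),
        "inner_size": len(inner_bytes),
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py invo5514155.pdf.gz
    with open(sys.argv[1], "rb") as f:
        print(verify_nested(f.read(), REPORT_OUTER, REPORT_INNER))
```

A mismatch on the outer layer with a match on the inner one usually means the archive was re-compressed somewhere in the handling chain (different gzip header or mtime), which is harmless; a mismatch on the inner layer means you are not looking at the sample this report analysed.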
Score: 10/10
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic; this sample exfiltrates over SMTP using the mailbox in the extracted config above.
AgentTesla Payload
CustAttr .NET packer
Detects the CustAttr .NET packer in memory.
Suspicious use of SetThreadContext
SetThreadContext on a thread in another process is the usual final step of process hollowing (redirecting the hijacked thread to injected code), consistent with a packed sample unpacking the AgentTesla payload into memory.