General
Target: invoice.exe
Size: 1.1MB
Sample: 210727-8x1qzxwctj
MD5: 76a240af49acdb8ff5396abb32f84e5a
SHA1: a64f8bdf5ab921873c7fcac67cc380f14c5448d4
SHA256: 1d97f0b09573ff206fdc36f12a6c6f30cb55fed8c3789e13b321382421d9151f
SHA512: 80ffc303326778dc51962e796af56c4ede35aa465421f03b7e18b9b1b85b36dc28bc87d39e6ca765aeaa4dc3c874fcc07fd1c36a0f29fe7e9706e15ed9f8dd4d
Static task: static1
Behavioral task: behavioral1
  Sample: invoice.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: invoice.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.vivaldi.net
  Port: 587
  Username: vicanto@vivaldi.net
  Password: @GoodLogs@321
Targets
Target: invoice.exe (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
Signatures:
  AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  AgentTesla Payload
  Suspicious use of SetThreadContext