General
Target: invoice.exe
Size: 1.0MB
Sample: 210727-rez2l55gea
MD5: ffce81b27dd34935f5371161cc84891b
SHA1: a55136da4f4640bde0732f586b07e878be9d6c94
SHA256: d94d8b336a0abcfb47c21091d7e6ea47539cdb4a16c378ea3aa54ee28c15b7c9
SHA512: 97e3c58cb513baa37b2e83c3704bbdca5886b51c0b780e12e84029683c3f9fab93966e68b0153aba2506dfe7dc3d04e275e5003e10f52a2b8f9d1b1b86244bbd
Static task: static1
Behavioral task: behavioral1
  Sample: invoice.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: invoice.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.marcer.com.tr
Port: 587
Username: muhasebe@marcer.com.tr
Password: mar1453
Targets
Target: invoice.exe
Size: 1.0MB
MD5: ffce81b27dd34935f5371161cc84891b
SHA1: a55136da4f4640bde0732f586b07e878be9d6c94
SHA256: d94d8b336a0abcfb47c21091d7e6ea47539cdb4a16c378ea3aa54ee28c15b7c9
SHA512: 97e3c58cb513baa37b2e83c3704bbdca5886b51c0b780e12e84029683c3f9fab93966e68b0153aba2506dfe7dc3d04e275e5003e10f52a2b8f9d1b1b86244bbd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext