General
Target: 544425P.oINVO.pdf.gz
Size: 509KB
Sample: 210727-zbytzxg7ax
MD5: 37288b7f602f44b984d70ba24538b9e6
SHA1: 192d3b1e13e18c9941752faac2ba1ea1bb444645
SHA256: 62a295e3551d9c734cba5591cb195c78075d973e408e663e799887a6887d39b2
SHA512: 1aaf0ffbcea4b33b287e9137c3433752f0e111b44d3c851ba76bdbed7950792fd3cce191369b102674194b6d2c90c1bec3e66171f3940f4cbd484d8e304f095b
Static task: static1
Behavioral task: behavioral1
Sample: 544425P.oINVO.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 544425P.oINVO.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.bundabergtrophies.com.au
Port: 587
Username: memorials@bundabergtrophies.com.au
Password: KzDcikPPHW
Targets
Target: 544425P.oINVO.exe
Size: 650KB
MD5: 15e2bf94719a98435c1c99326541b5f0
SHA1: 29d9b053727792ce4ffb1602319b8dec811b921a
SHA256: 500c7992cee573057608d6cdb64958b16c4d6a8605be652dde71b579db731419
SHA512: bf12910c8008e91496563d532eb6e1d66e191e8370448d069cd6b279025b7a497f8f41c1b704773356c171cd358187f9c935b687615b6bee0d0b2b08e10142fa
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Adds Run key to start application
Suspicious use of SetThreadContext