General
Target: Proformes invoice #09-14-2021.rar
Size: 397KB
Sample: 210915-h193ladbbm
MD5: 5ec6caa22367eb76377f9c3e86eb45bc
SHA1: f6771800dddfce50c370e63a7e00292cd977f30d
SHA256: ae1c181642c43b3bb914fcf45a88a2e6ca694e8a4f26b6f01c335b52e9ba7c1f
SHA512: 8b534e9c87c23ee99af5297b282bb87db66d67473d416c1adb99c12495d35a5d974260889cf564e1ccdcd035332ee754715caca4493ca49a76cc5e6e1edcf6f7
Static task: static1
Behavioral task: behavioral1
  Sample: Proforme invoice.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: Proforme invoice.exe
  Resource: win10-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.outlook.com
  Port: 587
  Username: in23529@outlook.com
  Password: Godisgreat0803
Targets
Target: Proforme invoice.exe
Size: 1003KB
MD5: e06203fc38f6e1feeebbfda689a3c3ba
SHA1: eeeb9935a650e41711c99675f3f579610391b9b3
SHA256: c9fc6e398381a3152e36eec50f7157bde0a38462bd3345256487d9ab08eb6acc
SHA512: 856f03489826a27e23961e35ada7e223b1f933522ed2c81a06685a3b6a328b1a71490c64d6981d72f1d64890ddf6d69f3ac4bd3b5e02e860a6fa697ad744941e
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET).
AgentTesla Payload
Adds Run key to start application (persistence via a Run registry key)
Suspicious use of SetThreadContext (a common process-hollowing/injection primitive)
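The extracted SMTP configuration and payload hashes above are the actionable part of this report. The following Python is an added example, not part of the Triage report or of any Triage tooling: it parses the config block in the form the report prints it (including the unevenly spaced dashes), confirms whether a file you hold matches the payload hashes, and matches mail-gateway records against the exfil account. The log records in the block are constructed for illustration and the `ts,src_ip,dst_host,dst_port,auth_user` record layout is an assumption.

```python
"""Indicators from the Triage report above, as runnable checks.

This is an added example, not part of the sandbox report or of any Triage
tooling. The SMTP log records at the bottom are constructed for illustration.
"""
import hashlib
import re

# Extracted AgentTesla config as the report prints it (joined onto one line).
RAW_CONFIG = (
    "Protocol: smtp- Host: smtp.outlook.com - Port: 587 - "
    "Username: in23529@outlook.com - Password: Godisgreat0803"
)

# Hashes the report lists for the unpacked payload, Proforme invoice.exe.
PAYLOAD_HASHES = {
    "md5": "e06203fc38f6e1feeebbfda689a3c3ba",
    "sha1": "eeeb9935a650e41711c99675f3f579610391b9b3",
    "sha256": "c9fc6e398381a3152e36eec50f7157bde0a38462bd3345256487d9ab08eb6acc",
}

# 'Key: value' pairs separated by a dash that is not always surrounded by
# spaces ("smtp- Host:"), so anchor on the next "Key:" instead of the dash.
_FIELD = re.compile(r"(\w+):\s*(.+?)\s*(?:-\s*(?=\w+:)|$)")


def parse_config(text):
    """Parse Triage's extracted-config text into a dict with lower-case keys."""
    normalized = " ".join(text.split())  # collapse the report's line breaks
    fields = {k.lower(): v for k, v in _FIELD.findall(normalized)}
    if "port" in fields:
        fields["port"] = int(fields["port"])
    return fields


def verify_hashes(data, expected=PAYLOAD_HASHES):
    """Check bytes against the report's hashes; all True means the bytes are
    the payload the report analysed."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest
        for algo, digest in expected.items()
    }


def scan_smtp_log(lines, cfg):
    """Match mail-gateway records (ts,src_ip,dst_host,dst_port,auth_user;
    assumed layout) against the exfil config. smtp.outlook.com:587 is
    Microsoft's normal submission endpoint, so host/port alone is a weak
    signal; the AUTH username is the discriminating indicator."""
    hits = []
    for line in lines:
        _ts, src, host, port, user = line.split(",")
        if user == cfg["username"]:
            hits.append(("high", src, "AUTH as exfil account " + user))
        elif host == cfg["host"] and int(port) == cfg["port"]:
            hits.append(("low", src, "submission to " + host))
    return hits


# Constructed sample records, not real traffic.
SAMPLE_LOG = [
    "2021-09-15T10:01:02Z,10.0.0.23,smtp.outlook.com,587,in23529@outlook.com",
    "2021-09-15T10:02:10Z,10.0.0.41,smtp.outlook.com,587,alice@example.com",
    "2021-09-15T10:03:00Z,10.0.0.5,mail.example.com,25,",
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(cfg)
    for severity, src, why in scan_smtp_log(SAMPLE_LOG, cfg):
        print(severity, src, why)
    print(verify_hashes(b"not the sample"))
```

Treat the extracted password as a credential, not just an indicator: the account is attacker-controlled, and blocking it at the mail gateway or reporting it to the provider is more durable than a host/port rule that would also catch legitimate Outlook submission traffic.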