General
Target: Invoice.doc.exe
Size: 860KB
Sample: 210915-hlchsadafn
MD5: 6701efac5ff142914e5b353571045b83
SHA1: 614b96a8c0f1f4732b5948b9ca8b8262edc9318a
SHA256: 4f9e6d626a2aa193431ca948dde9a3e526124f88dec8ed465ec7785d99368432
SHA512: dad3059096af254b6e24a5f4d565de0c351093f50a58204195195e8e25f5b3818404ca49421e4f1e71a0b61da6d93a718079b6da01d2bee0d30a3cceef870c61
Static task: static1
Behavioral task: behavioral1
Sample: Invoice.doc.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: Invoice.doc.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.esquiresweaters.com
Port: 587
Username: imam@esquiresweaters.com
Password: Esquire@#2078
Targets
Target: Invoice.doc.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
AgentTesla Payload
Suspicious use of SetThreadContext