General
-
Target
Proformes invoice #09-14-2021.iso
-
Size
1.5MB
-
Sample
210915-hn8c8saac6
-
MD5
94abf208036e51b21c396d0527e51bef
-
SHA1
451e4ca3d0fa385824e498a92011f8250658e61c
-
SHA256
fef5268d7f0360108bba7f2847b0e5f5b572e20a87bdc543d16410e2cdcc9eaa
-
SHA512
b93ee5eed2e57efa8db6c0b195bfa1ffd1111d95a715ea2d95ba1be45ed0d5e293fa5dd9e972f4b8fc0f40e382bf3288db791161d9443fe79d1e7ebb2464e503
Static task
static1
Behavioral task
behavioral1
Sample
PROFORME.EXE
Resource
win7v20210408
Behavioral task
behavioral2
Sample
PROFORME.EXE
Resource
win10-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.outlook.com
Port: 587
Username: in23529@outlook.com
Password: Godisgreat0803
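The extracted config shows the sample exfiltrating over SMTP submission (port 587) to smtp.outlook.com with a hard-coded mailbox, which is the most actionable artefact on this report: any non-mail-client process talking SMTP to that host is a strong signal. The following Python is an added example, not part of the sandbox report or of the sample, that applies that logic to constructed network-connection telemetry (the CSV lines, the workstation names and the MAIL_CLIENTS allowlist are assumptions; only the exfil host/port and the SHA256 hashes come from this page):

```python
import hashlib
from pathlib import PureWindowsPath

# Exfiltration endpoint from the Agent Tesla config extracted on this page.
EXFIL_HOST = "smtp.outlook.com"
EXFIL_PORT = 587

# SHA256 hashes reported on this page for the lure ISO and the dropped executable.
KNOWN_SHA256 = {
    "fef5268d7f0360108bba7f2847b0e5f5b572e20a87bdc543d16410e2cdcc9eaa": "Proformes invoice #09-14-2021.iso",
    "c9fc6e398381a3152e36eec50f7157bde0a38462bd3345256487d9ab08eb6acc": "PROFORME.EXE",
}

# Processes expected to use SMTP submission on a workstation.
# Assumption: tune this allowlist to the estate being monitored.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample telemetry (not from the page): timestamp,host,image,dst_host,dst_port
SAMPLE_LOG = r"""
2021-09-15T10:02:11Z,WKS01,C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE,smtp.office365.com,587
2021-09-15T10:03:45Z,WKS01,C:\Users\user\AppData\Local\Temp\PROFORME.EXE,smtp.outlook.com,587
2021-09-15T10:03:50Z,WKS01,C:\Users\user\AppData\Local\Temp\PROFORME.EXE,smtp.outlook.com,587
2021-09-15T10:05:00Z,WKS01,C:\Windows\System32\svchost.exe,update.microsoft.com,443
2021-09-15T10:06:12Z,WKS02,C:\Users\bob\Downloads\tool.exe,mail.example.net,587
"""


def classify(image: str, dst_host: str, dst_port: int):
    """Return a severity for one connection, or None if it is not interesting.

    high   : non-mail process reaching the exact exfil host/port from the config
    medium : non-mail process using SMTP submission (587) to any host
    """
    if dst_port != EXFIL_PORT:
        return None
    exe = PureWindowsPath(image).name.lower()
    if exe in MAIL_CLIENTS:
        return None
    if dst_host.lower() == EXFIL_HOST:
        return "high"
    return "medium"


def scan_log(text: str):
    """Parse the CSV telemetry and return one hit per suspicious connection."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, image, dst_host, port = line.split(",")
        severity = classify(image, dst_host, int(port))
        if severity:
            hits.append({"time": ts, "host": host, "image": image,
                         "dst": f"{dst_host}:{port}", "severity": severity})
    return hits


def lookup_hash(data: bytes):
    """Hash a file's bytes and return the IOC name from this page if it matches."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"[{hit['severity']}] {hit['time']} {hit['host']} {hit['image']} -> {hit['dst']}")
```

In an estate that relays all mail through a corporate gateway, the "medium" rule can be tightened to flag any direct port-587 connection from an endpoint, since nothing but the mail client should make one.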
Targets
-
Target
PROFORME.EXE
-
Size
1003KB
-
MD5
e06203fc38f6e1feeebbfda689a3c3ba
-
SHA1
eeeb9935a650e41711c99675f3f579610391b9b3
-
SHA256
c9fc6e398381a3152e36eec50f7157bde0a38462bd3345256487d9ab08eb6acc
-
SHA512
856f03489826a27e23961e35ada7e223b1f933522ed2c81a06685a3b6a328b1a71490c64d6981d72f1d64890ddf6d69f3ac4bd3b5e02e860a6fa697ad744941e
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials and keystrokes from the infected host and exfiltrates them; in this sample the configured channel is SMTP via the mailbox shown above.
-
AgentTesla Payload
-
Adds Run key to start application
-
Suspicious use of SetThreadContext (typically seen when a payload is written into a suspended process and its entry point redirected, i.e. process hollowing)
-
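The "Adds Run key to start application" signature is the persistence mechanism a responder has to find and remove on a live host. The following Python is an added example, not part of the sandbox report or of the sample: it audits a `reg export` of the HKCU and HKLM Run keys and flags entries whose executable lives in a user-writable location. The registry text, value names and paths are constructed for the example and the list of suspicious directories is an assumption to be tuned per estate.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg export` of the two Run keys (not taken from the page's sample).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\Updater\\PROFORME.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"svc"="\"C:\\Users\\Public\\svc.exe\" -s"
'''

# Directory names that a legitimate autostart binary rarely lives in (assumption).
SUSPICIOUS_DIRS = {"temp", "roaming", "downloads", "public"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# .reg string values: "name"="data", with \\ and \" escapes inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s: str) -> str:
    """Undo .reg string escaping: any backslash-escaped character becomes itself."""
    return re.sub(r"\\(.)", r"\1", s)


def command_image(cmd: str) -> str:
    """Extract the executable path from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: take everything up to the first ".exe" so paths with spaces survive.
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def audit_run_keys(reg_text: str):
    """Return one finding per Run entry whose image sits in a suspicious directory."""
    findings = []
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not vm or current_key is None or not current_key.endswith("\\Run"):
            continue
        name, data = unescape(vm.group(1)), unescape(vm.group(2))
        image = command_image(data)
        parts = [p.lower() for p in PureWindowsPath(image).parts]
        bad = [p for p in parts if p in SUSPICIOUS_DIRS]
        if bad:
            findings.append({"key": current_key, "name": name, "image": image,
                             "reason": f"runs from user-writable location '{bad[0]}'"})
    return findings


if __name__ == "__main__":
    for f in audit_run_keys(REG_EXPORT):
        print(f"{f['key']}\\{f['name']} -> {f['image']} ({f['reason']})")
```

The same parser works on an export taken from a mounted offline hive, and a real audit would additionally compare each image against a hash set or check its Authenticode signature, which is deliberately out of scope here.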