General
-
Target
invoice.exe
-
Size
149KB
-
Sample
210922-l3rwksegdn
-
MD5
46a9cde2229b45d390ad40ce0cc997f9
-
SHA1
ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f
-
SHA256
4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb
-
SHA512
75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa8394bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f
Score
10/10
Malware Config
Extracted
Family
agenttesla
Credentials
Protocol: smtp- Host:
mail.aquaclima.gr - Port:
587 - Username:
[email protected] - Password:
N]t+~*2=X1@o
Targets
-
-
Target
invoice.exe
-
Size
149KB
-
MD5
46a9cde2229b45d390ad40ce0cc997f9
-
SHA1
ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f
-
SHA256
4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb
-
SHA512
75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa8394bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Modifies Windows Defender Real-time Protection settings
-
Turns off Windows Defender SpyNet reporting
-
Windows security bypass
-
AgentTesla Payload
-
Nirsoft
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Detected potential entity reuse from brand microsoft.
-
Suspicious use of SetThreadContext
-