General
- Target: invoice.exe
- Size: 149KB
- Sample: 210922-l3rwksegdn
- MD5: 46a9cde2229b45d390ad40ce0cc997f9
- SHA1: ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f
- SHA256: 4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb
- SHA512: 75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa8394bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f
Static task: static1
Behavioral task: behavioral1
- Sample: invoice.exe
- Resource: win7v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.aquaclima.gr
- Port: 587
- Username: [email protected]
- Password: N]t+~*2=X1@o
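As an added example, not part of the sandbox report: a small Python IOC matcher built from the file hashes in the General section and the SMTP host/port from the extracted config. It checks that the listed digests are well-formed (the right hex length for each algorithm, so nothing was truncated in extraction), tells you whether a file on disk is this sample, and flags outbound connection log lines that hit the exfiltration server. The log line format ("timestamp src -> host:port proto"), the sample log lines, and the helper names hash_matches, is_sample_file and find_exfil_connections are constructed assumptions of this example.

```python
"""IOC matcher for the invoice.exe / Agent Tesla report above.

Added example, not part of the sandbox report. Hash values and the SMTP
host/port come from the report; the log format and sample log lines
below are constructed for a stand-alone run.
"""
import hashlib
import re

# Hashes of invoice.exe as listed in the report (lowercase hex).
SAMPLE_HASHES = {
    "md5": "46a9cde2229b45d390ad40ce0cc997f9",
    "sha1": "ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f",
    "sha256": "4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb",
    "sha512": "75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa83"
              "94bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f",
}

# Exfiltration endpoint from the extracted Agent Tesla config (SMTP submission port).
EXFIL_HOST = "mail.aquaclima.gr"
EXFIL_PORT = 587

HEX_RE = re.compile(r"^[0-9a-f]+$")


def iocs_well_formed() -> bool:
    """Sanity-check the report's digests: lowercase hex, and exactly the
    digest length of the named algorithm. Catches truncated/garbled hashes
    before they are pushed into a blocklist."""
    for name, value in SAMPLE_HASHES.items():
        expected_len = hashlib.new(name).digest_size * 2
        if len(value) != expected_len or not HEX_RE.match(value):
            return False
    return True


def hash_matches(data: bytes) -> set:
    """Return the names of the listed algorithms whose digest of `data`
    equals the report's value (empty set means 'not this sample')."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return {name for name, d in digests.items() if d == SAMPLE_HASHES[name]}


def is_sample_file(path: str) -> bool:
    """True if the file at `path` is the invoice.exe sample from the report."""
    with open(path, "rb") as f:
        return bool(hash_matches(f.read()))


# Assumed log format: "<timestamp> <src_ip> -> <dst_host>:<dst_port> <proto>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\S+)$"
)


def find_exfil_connections(lines):
    """Return (timestamp, src_ip) for every log line whose destination is the
    Agent Tesla exfiltration host and port. Hostname match is case-insensitive;
    other ports on the same host (e.g. normal SMTP on 25) are not flagged."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        if m["dst"].lower() == EXFIL_HOST and int(m["port"]) == EXFIL_PORT:
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample log lines (not from the report) for a stand-alone run.
SAMPLE_LOG = [
    "2021-09-22T10:15:01Z 10.0.0.5 -> mail.aquaclima.gr:587 tcp",
    "2021-09-22T10:15:02Z 10.0.0.5 -> update.microsoft.com:443 tcp",
    "2021-09-22T10:16:40Z 10.0.0.9 -> MAIL.AQUACLIMA.GR:587 tcp",
    "2021-09-22T10:17:00Z 10.0.0.9 -> mail.aquaclima.gr:25 tcp",
]

if __name__ == "__main__":
    assert iocs_well_formed(), "a hash in the report is truncated or garbled"
    for ts, src in find_exfil_connections(SAMPLE_LOG):
        print(f"{ts} {src} contacted Agent Tesla exfil server {EXFIL_HOST}:{EXFIL_PORT}")
```

The hostname comparison is deliberately exact rather than a substring match, so a lookalike such as a longer domain ending in the same string does not produce a false hit, and the port check keeps ordinary mail traffic to the same server out of the result. Do not authenticate to the listed mailbox with the recovered credentials; treat the account as attacker-controlled and block or alert on the destination instead.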
Targets
- Target: invoice.exe
- Size: 149KB
- MD5: 46a9cde2229b45d390ad40ce0cc997f9
- SHA1: ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f
- SHA256: 4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb
- SHA512: 75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa8394bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f
- AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), often described as written in Visual Basic. The extracted config above shows this sample's exfiltration channel: SMTP to mail.aquaclima.gr on port 587, authenticating with the listed mailbox credentials. Treat that mailbox as attacker-controlled; block or alert on outbound connections to it rather than logging in with the recovered credentials.
- Turns off Windows Defender SpyNet reporting (tampering with Defender's cloud-reporting setting; a defense-evasion step)
- AgentTesla Payload
- Nirsoft (artifacts of NirSoft password-recovery utilities, whose code Agent Tesla reuses to harvest browser and mail-client credentials)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext (an API pattern consistent with process hollowing or code injection into another process)