General
Target: invoice AL21-450.rar
Size: 573KB
Sample: 211014-ff8mxsgbb6
MD5: d8c5a19e4c5acad38accd2b3b9326a05
SHA1: d0a5c8853cf24150f863ba3c8eb2fdd24bdbf6e7
SHA256: 9c52e5abbdec26b1c8066aee59d805df3fe8150e570ca06ac3a844729bf8f302
SHA512: 5099060233aff5df0195b30ef2c9c822137b8cb2944cc9defc7a528d9739b4aa4b79b1ef1d94c1cb350524bea5b7859453f7cd398ab91992064c22c5675820fe
Static task: static1
Behavioral task: behavioral1
  Sample: invoice AL21-450.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: invoice AL21-450.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.jeevalabs.com
  Port: 587
  Username: account@jeevalabs.com
  Password: jeeva@123
Targets
Target: invoice AL21-450.exe
Size: 993KB
MD5: 59f7f57b8d6c0e55493eec56977d7cb4
SHA1: 0740bebf070c16fca8aa5c0fada48edcc1bd9f12
SHA256: c932b6a0cbaa454668d2429d433fec76e7e544bb26b5bd1865a86aac4fa33434
SHA512: 259d52573bb4f97a4d9158d2d2f53b4ea6cee27efbc8e7ffe4962ae705eb36d220e19babee78b3737e3e5bc0ab99decfc6c977aa99faf4c1abc9e445eabb3e62
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext