General
-
Target
INVOICE E-4137 REV.1 AND E-4136.exe
-
Size
534KB
-
Sample
211019-j4e73afde4
-
MD5
cda024dda8157003d8b0d712b35e5e34
-
SHA1
aeceba6b820ffe7cfab69d210564820a5908e5cb
-
SHA256
4e3fcc5ee2cb32c94894e959ef579436dd2c564cdc83970966109d3c2710b045
-
SHA512
7ed7dae5f3452ae62fdc53bf7131f7e117cd24abad94ae3246a3d772e4dc82b4094de2fcdf21ffb9b4133f2f47a01015d565f74134c0d0056dbfef3a1063569c
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE E-4137 REV.1 AND E-4136.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
INVOICE E-4137 REV.1 AND E-4136.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bulletproofprotections.com - Port:
587 - Username:
[email protected] - Password:
Everest10account
Targets
-
-
Target
INVOICE E-4137 REV.1 AND E-4136.exe
-
Size
534KB
-
MD5
cda024dda8157003d8b0d712b35e5e34
-
SHA1
aeceba6b820ffe7cfab69d210564820a5908e5cb
-
SHA256
4e3fcc5ee2cb32c94894e959ef579436dd2c564cdc83970966109d3c2710b045
-
SHA512
7ed7dae5f3452ae62fdc53bf7131f7e117cd24abad94ae3246a3d772e4dc82b4094de2fcdf21ffb9b4133f2f47a01015d565f74134c0d0056dbfef3a1063569c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-