General
- Target: Proforma Invoice PDF.ace
- Size: 55KB
- Sample: 211019-lsrg3agdfk
- MD5: 5ab962a85e0543af57e847973fa3b492
- SHA1: 17ee48d5c148c7a9ccac0fd0f565caeaeb656a5e
- SHA256: d71e3549a3aaeacbdc919630dbd1d5f67777d3fd7ec10eaae36099f1bdeef50e
- SHA512: 8092689f4d9995c954faed0c42f172185fbc0e97b217bcd2bea842d5c21be87f8d6cca90b36b7da35ee643da5ddfc4060550be97ccca26cdcd6d66a366819a86
Static task: static1
Behavioral task: behavioral1
  Sample: Proforma Invoice PDF.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Proforma Invoice PDF.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: kerekesfoto.com
- Port: 587
- Username: [email protected]
- Password: admin@abc123
Targets
- Target: Proforma Invoice PDF.exe
- Size: 82KB
- MD5: e77c819969d8520d9bbd027dd1bfaa04
- SHA1: 27d6482b5777767e98838d5dd2e9d431e2f3ae97
- SHA256: 6fa5cdc1c01f21f752a968277cb495f3bf83b9171456b83483be4d5d4cea543d
- SHA512: de26847a6cc7244ecf566ab2e3126ab27f14b86a8404f30871fc0606fcac8e2dec21c2552c777e7faa945136343e0999c5017e015d72ab79990c5373d40f5748
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext