General
Target: PAYMENT FOR OVERDUE INVOICE.exe
Size: 524KB
Sample: 211019-p3gx6agfhm
MD5: 96cf34669c65a64d54b2a94e30d5f0b1
SHA1: e6f0c5bddacd46161264cf6732a058a8a8653d94
SHA256: 95343899c04fd43017de6b2ab77d9c3bbb5efc31c80bad0ac2cad17ffd22a4ef
SHA512: c91a0b1e9925b65374c50560446bf45ea47948bcf7303d06f54ec07a7a52cbdcafdc14978c5d25e72d7751d3d477e755b646bb8b58386c56e3a742b265c1063b
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT FOR OVERDUE INVOICE.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: PAYMENT FOR OVERDUE INVOICE.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext