General

Target: PAYMENT FOR OVERDUE INVOICE1.zip
Size: 420KB
Sample: 211020-earlsahedj
MD5: 8bffb60b4d18b7cbbd7bc4dead4e9d02
SHA1: 381aff26f6ed5712e8e2e330113fbc6415675117
SHA256: a4cfd91dcbdb28c39be3479755474b7ab022700ab7399e380df87db11ff808bf
SHA512: 6c74a9fb07ed317fac077d1e6e17a52fdb7f4819391e2733a81f210815723e8dd61d67ba1fe242dafa8cb2735498e874779798a14268eb1bae355b7d5edbea81
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT FOR OVERDUE INVOICE1.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: PAYMENT FOR OVERDUE INVOICE1.exe
  Resource: win10-en-20211014
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: [email protected]
Password: mmm777
Targets

Target: PAYMENT FOR OVERDUE INVOICE1.exe
Size: 473KB
MD5: 17c013ef54d77f3a21dba1015a5d0a6d
SHA1: 2e03a063dacf2ab5da74fc804420be20ec539235
SHA256: 2cdb5e01ac073690d5c4a3ed3ba53eca94dbb701c7811f088a89b8ca9a6e2670
SHA512: ca294feb4050751537a4f0822b40ffd4d03206aa7bdc5bbd43a958d962dcd93695fbb5f9a9226d9cbf4649952deed3eb36cb90596fc507160827c7ec95fe65af
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), typically built in VB.NET or C#. The SMTP host and credentials in the extracted config are the mail account it uses to send stolen data, so they are the exfiltration channel to block and hunt for.

AgentTesla Payload
Accesses Microsoft Outlook profiles (reads the Outlook profile data stored under the user's registry hive, where saved mail-account credentials live)
Suspicious use of SetThreadContext (setting the thread context of another process is a common step in process hollowing, where a process is started suspended, its image replaced, and the thread resumed)
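Detection logic built from the indicators in this report, as an added example that is not part of the original sandbox output: it matches Sysmon-style process-creation (EventID 1) and network-connection (EventID 3) events against the SMTP host and port from the Malware Config section and the SHA256 of the dropped executable from the Targets section, and additionally flags SMTP submission from any process outside a mail-client allowlist. The allowlist, the flattened key=value event format and the sample events are constructed assumptions, not data from the report.

```python
"""Detection logic derived from the sandbox report above.

Added example, not part of the original report: matches Sysmon-style
events against the extracted AgentTesla SMTP config and the sample hash.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Indicators copied from the report (Malware Config and Targets sections).
C2_HOST = "mail.privateemail.com"
C2_PORT = 587
SAMPLE_SHA256 = "2cdb5e01ac073690d5c4a3ed3ba53eca94dbb701c7811f088a89b8ca9a6e2670"

# Assumption: site-specific allowlist of processes expected to speak SMTP.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
SMTP_PORTS = {25, 465, 587}


@dataclass
class Alert:
    image: str    # process basename, lower-cased
    detail: str   # what was matched (path or host:port)
    reason: str


# key=value pairs; a value containing spaces is double-quoted (constructed format).
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Parse one flattened event line into a dict of its fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV.finditer(line)}


def check_event(ev: dict) -> Optional[Alert]:
    """Return an Alert if the event matches an indicator, else None."""
    full_image = ev.get("Image", "")
    image = full_image.rsplit("\\", 1)[-1].lower()
    eid = ev.get("EventID")
    if eid == "1":  # process creation: match the dropped exe by SHA256
        if f"SHA256={SAMPLE_SHA256}".lower() in ev.get("Hashes", "").lower():
            return Alert(image, full_image, "known AgentTesla sample hash")
        return None
    if eid != "3":  # only network-connection events from here on
        return None
    host = ev.get("DestinationHostname", "").lower()
    port = int(ev.get("DestinationPort", "0"))
    if host == C2_HOST and port == C2_PORT:
        return Alert(image, f"{host}:{port}", "connection to extracted AgentTesla SMTP C2")
    if port in SMTP_PORTS and image not in MAIL_CLIENTS:
        return Alert(image, f"{host}:{port}", "SMTP from process outside mail-client allowlist")
    return None


def scan(lines):
    """Run every line through check_event and collect the alerts in order."""
    alerts = []
    for line in lines:
        alert = check_event(parse_event(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample events (not from the report's sandbox run).
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Users\victim\Downloads\PAYMENT FOR OVERDUE INVOICE1.exe" '
    r'Hashes=SHA256=2CDB5E01AC073690D5C4A3ED3BA53ECA94DBB701C7811F088A89B8CA9A6E2670',
    r'EventID=3 Image="C:\Users\victim\Downloads\PAYMENT FOR OVERDUE INVOICE1.exe" '
    r'DestinationHostname=mail.privateemail.com DestinationPort=587',
    r'EventID=3 Image="C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" '
    r'DestinationHostname=smtp.office365.com DestinationPort=587',
    r'EventID=3 Image="C:\Users\victim\AppData\Roaming\updater.exe" '
    r'DestinationHostname=mail.example.net DestinationPort=587',
    r'EventID=3 Image="C:\Windows\System32\svchost.exe" '
    r'DestinationHostname=update.microsoft.com DestinationPort=443',
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f"{a.reason}: {a.image} -> {a.detail}")
```

The exact-match rule on the extracted host and port fires regardless of process, so it catches the sample even if it injects into an allowlisted mail client; the generic SMTP rule is the broader hunt that survives the actor rotating the mail account.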