General
- Target: invoice.exe
- Size: 465KB
- Sample: 211020-gdfpsshehq
- MD5: 94e2058fe9f2c02836c827fbb0e06ef7
- SHA1: 06cf03bd37a5d1c2c36bb50d3298872a63e701e0
- SHA256: 4e5ce14b2cd597bd70f739be171599d4af7f1f7108931ff38958166bd6642023
- SHA512: 904f9f394346b3df1db68dd3b4ee0ad373e6d35098d9659b49bd3f4974c2ac365a3186924114ead255da9e8dff05ec14de7a1685326be5a2526e3300c805e597
Static task
- static1

Behavioral task
- behavioral1
  - Sample: invoice.exe
  - Resource: win7-en-20210920

Behavioral task
- behavioral2
  - Sample: invoice.exe
  - Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.maxsweater.com
- Port: 587
- Username: [email protected]
- Password: max1234
Targets
- Target: invoice.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext