General
Target: Invoice 204498.gz
Size: 419KB
Sample: 211020-gnz67agfb2
MD5: 71da16ee7a6d511a10cbf99b30de0d8d
SHA1: 407a2b4f5b4704349225d0321a2e7fbb8974664f
SHA256: c8a489400d5db4b0512741a80ef1c988256b73734f6d21ba815e3fc0445ae92b
SHA512: c822ff21c091f86a8d4d9ec87d2157fbfcb8b4a960f3b361ac39913546e39a7805f8ec9c150a6efc26f644231a70d088b82f2d537033c74b089e877ea96f7133
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice 204498.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Invoice 204498.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webmail.karanex.com
Port: 587
Username: [email protected]
Password: zarazita404
Targets
Target: Invoice 204498.exe
Size: 476KB
MD5: aa968f7bd982cc2c85f28a845c4ecb3f
SHA1: 8bfb6a0b7ada40a5a0585eed5686fc0a4a7601d8
SHA256: 79f55618c67e8e0d6210d594cd167a070b0e1b81abcc239d889b8edd3e3f85d6
SHA512: 15a4d8b0de611f5df5cb3311e358b327bd499bc6ed5c33bee7bbe32a7f1e5d5f395a36567238b15421008cd79815efcf1cc68c9382d9cab39be1bf575d766ada
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext