General
Target: INVOICE.exe
Size: 447KB
Sample: 211020-lxswpahgfp
MD5: ab8f0e41362d64775c1305dd85bc7412
SHA1: f48d3c839a6a30ec9a6fe47119733505858c39af
SHA256: 135cadb95d5aa77cde0904370eef7816ef6be0da4cf7f309b37167ee60ec68a7
SHA512: b6945d27c01973aa52ccb5e5fe76d89e609b5a46f2ac57da8ad86fb5b14b875b83b70cfaac417e950d97f57f86178c896d8f7cbe4296c73c8277b27f76fd9900
Static task: static1
Behavioral task: behavioral1 (Sample: INVOICE.exe, Resource: win7-en-20210920)
Behavioral task: behavioral2 (Sample: INVOICE.exe, Resource: win10-en-20211014)
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.maxsweater.com
Port: 587
Username: [email protected]
Password: max1234
Note: in AgentTesla's SMTP mode the stealer logs in to this mailbox to mail out harvested data, so these are the operator's exfiltration credentials, not a victim's. The host and port above are the network indicator to hunt on; the username is shown redacted on the page.
Targets
Target: INVOICE.exe (447KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. Because it runs on the .NET Framework, the binary is normally analysed with a .NET decompiler rather than a native disassembler.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles (harvesting of stored mail account settings and credentials)
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
- Suspicious use of SetThreadContext (commonly observed when a process hollows a suspended child and points its main thread at injected code)
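The report's hashes, extracted SMTP config and behavioral signatures can be turned directly into a small hunting helper. The block below is an added example, not part of the report or the sandbox's own tooling. It re-computes the four digests the report lists so a file on disk can be checked against them, and runs three rules (connection to the config's SMTP host and port, a Run-key write, a file created under a drivers directory) over Sysmon-style events. The events are constructed for illustration: the field names follow Sysmon's EventID 3/11/13 schema, but the user name, SID and file paths in them are made up. The Outlook-profile read and the SetThreadContext call are not reliably visible in Sysmon telemetry and are deliberately not modelled here.

```python
"""Hunting helper derived from the IOCs in the sandbox report above.

Added example, not the report's or the sandbox's own code.  The telemetry
below is constructed: Sysmon-style dicts with made-up user, SID and paths.
"""
import hashlib

# File IOCs copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "ab8f0e41362d64775c1305dd85bc7412",
    "sha1": "f48d3c839a6a30ec9a6fe47119733505858c39af",
    "sha256": "135cadb95d5aa77cde0904370eef7816ef6be0da4cf7f309b37167ee60ec68a7",
    "sha512": "b6945d27c01973aa52ccb5e5fe76d89e609b5a46f2ac57da8ad86fb5b14b875b"
              "83b70cfaac417e950d97f57f86178c896d8f7cbe4296c73c8277b27f76fd9900",
}

# Exfiltration endpoint from the extracted AgentTesla config.
C2_HOST = "mail.maxsweater.com"
C2_PORT = 587


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_reported_sample(data: bytes) -> bool:
    """True only if every digest matches; any mismatch means a different file."""
    digests = hash_bytes(data)
    return all(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


def rule_c2_smtp(ev: dict) -> bool:
    # Sysmon EventID 3: outbound connection to the config's SMTP host and port.
    return (ev.get("EventID") == 3
            and ev.get("DestinationHostname", "").lower() == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT)


def rule_run_key(ev: dict) -> bool:
    # Sysmon EventID 13: a value written under ...\CurrentVersion\Run\
    # (the "Adds Run key to start application" signature).
    target = ev.get("TargetObject", "").lower()
    return ev.get("EventID") == 13 and "\\currentversion\\run\\" in target


def rule_drivers_drop(ev: dict) -> bool:
    # Sysmon EventID 11: file created under a drivers directory.
    name = ev.get("TargetFilename", "").lower()
    return ev.get("EventID") == 11 and "\\drivers\\" in name


RULES = {
    "agenttesla_c2_smtp": rule_c2_smtp,
    "persistence_run_key": rule_run_key,
    "drop_in_drivers_dir": rule_drivers_drop,
}


def hunt(events: list) -> list:
    """Return [(rule_name, event), ...] for every event that triggers a rule."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev))
    return hits


# Constructed telemetry: how this sample's reported behaviour would appear
# in Sysmon.  Paths, user name and SID are invented for illustration.
IMG = r"C:\Users\victim\Downloads\INVOICE.exe"
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": IMG},
    {"EventID": 13, "Image": IMG,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\INVOICE"},
    {"EventID": 11, "Image": IMG,
     "TargetFilename": r"C:\Windows\System32\drivers\example.tmp"},
    {"EventID": 3, "Image": IMG,
     "DestinationHostname": "mail.maxsweater.com", "DestinationPort": "587"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "www.mozilla.org", "DestinationPort": "443"},
]


if __name__ == "__main__":
    for name, ev in hunt(CONSTRUCTED_EVENTS):
        print(f"{name}: {ev['Image']}")
```

The hash check requires all four digests to agree, so a partial match (for example a colliding MD5) never counts as the reported sample. The network rule keys on hostname rather than IP because the config names a host, and the address it resolves to may change between detonations.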