General
Target: Invoice 209067.exe
Size: 493KB
Sample: 211021-lkxn4saba2
MD5: 7ddd177e688a3e1a4b178b82f66428fe
SHA1: c0019eaeade79c2b1e80762b9bb0e754f15d7b59
SHA256: 52ec9a46714cf3e8d534d75ab78ab85e51a337073bf03ba819937c830fbdfa54
SHA512: c7aaf3baff40d7a1d6c11a63be1a5adbd5af6a07af6d79adca72fc9abaaf35df88565d8cd80db6a478252a1dbe417e3b0c22b2b5428063a75fdddbf4b1f34fe5
Static task: static1
Behavioral task: behavioral1
Sample: Invoice 209067.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Invoice 209067.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: webmail.karanex.com
Port: 587
Username: kendakenda@karanex.com
Password: zarazita404
Targets
Target: Invoice 209067.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext