General
Target: overdue invoice PDF.exe
Size: 820KB
Sample: 211022-fn5k8scadr
MD5: e1ecea0bc4b06e4ed65e1e61004ec221
SHA1: b48b8b03198c6b5c04da12afa1fa755f70a7b574
SHA256: 95adb79ec9bd9c77bba228ecee761419cd852a3aa302a7cd7bec0834952666a3
SHA512: 6b7e7b499c7860abb5af191a9f4ee69c6a8a72a11d508453ad70520128a5a0ebf81eb82667969e061bb4caf81c0f8077149b28d47387a1cb1d5554257db927d8
Static task: static1
Behavioral task: behavioral1
  Sample: overdue invoice PDF.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: overdue invoice PDF.exe
  Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vibranthonda.co
Port: 587
Username: parts@vibranthonda.co
Password: RADHE@123
Targets
Target: overdue invoice PDF.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext