General
Target: Sin factura 2021 NOV-INV IX 08945.exe (Spanish lure name, "No invoice 2021 NOV-INV IX 08945"; an invoice-themed phishing attachment)
Size: 757KB
Sample: 211101-ns3w7shge6
MD5: 0e674bdf43144fea1eeb1eed1013c59a
SHA1: 2ee2139e2fb67b4a27e4074c21a3db12d0c665a8
SHA256: c2f38ab387af8786ebc37f336dd923f935098dea3821e2ef8a9e2308c3ed47e7
SHA512: 5438664d71cab3426851bf82a1a0d68900fbe556ee1b065c2f7da522fdd3c9619a922f14a73bc245f16442ca76fd25bf07255d76ddd0870b6246b8f06cf2e41f
Static task: static1
Behavioral task: behavioral1 (sample: Sin factura 2021 NOV-INV IX 08945.exe, resource: win7-en-20211014)
Behavioral task: behavioral2 (sample: Sin factura 2021 NOV-INV IX 08945.exe, resource: win10-en-20210920)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.acpl.net.in
Port: 587
Username: qcesd@acpl.net.in
Password: Hi~M)?*G~-Zd
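The extracted SMTP configuration is the most directly actionable part of this report: it is the mailbox the stealer delivers harvested credentials to. The following is an added example, not part of the sandbox report or of any tool it names, that parses the config string exactly as the extractor prints it and flags outbound connections to the exfiltration server in an egress log. The log format (timestamp, source IP, destination host, destination port, protocol, SMTP AUTH user or "-") is constructed for the example, and the names `parse_config` and `find_exfil` are assumptions; adapt `parse_log_line` to your proxy or Zeek schema.

```python
"""Turn the AgentTesla SMTP config from the report into an egress detection."""
import re

# Config text as the report's extractor prints it: 'Key: value' pairs
# separated by ' - ' (assumption about the extractor's output format).
AGENTTESLA_CONFIG = (
    "Protocol: smtp - Host: mail.acpl.net.in - Port: 587 - "
    "Username: qcesd@acpl.net.in - Password: Hi~M)?*G~-Zd"
)

# Constructed egress log lines for the example; not real traffic.
# Fields: timestamp src_ip dst_host dst_port proto smtp_auth_user
LOG_LINES = [
    "2021-11-01T10:02:11Z 10.0.0.23 203.0.113.10 443 tcp -",
    "2021-11-01T10:02:15Z 10.0.0.23 mail.acpl.net.in 587 smtp qcesd@acpl.net.in",
    "2021-11-01T10:03:40Z 10.0.0.41 smtp.office365.com 587 smtp alice@example.com",
    "2021-11-01T10:04:02Z 10.0.0.23 mail.acpl.net.in 587 smtp -",
]


def parse_config(text):
    """Parse 'Key: value - Key: value ...' into a dict with lower-case keys.

    Splitting on whitespace-hyphen-whitespace keeps hyphens inside values
    (the password here contains one) intact.
    """
    fields = {}
    for segment in re.split(r"\s+-\s+", text.strip()):
        key, sep, value = segment.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def parse_log_line(line):
    """Split one constructed log line into a dict."""
    ts, src, dst, dport, proto, user = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport),
            "proto": proto, "user": user}


def find_exfil(cfg, lines):
    """Return hits for connections to the config's host:port.

    A connection alone is 'medium' confidence; an SMTP AUTH as the
    hard-coded mailbox is 'high', since only the malware knows that user.
    """
    host = cfg["host"].lower()
    port = int(cfg["port"])
    user = cfg["username"].lower()
    hits = []
    for line in lines:
        ev = parse_log_line(line)
        if ev["dst"].lower() != host or ev["dport"] != port:
            continue
        confidence = "high" if ev["user"].lower() == user else "medium"
        hits.append({"ts": ev["ts"], "src": ev["src"], "confidence": confidence})
    return hits


if __name__ == "__main__":
    for hit in find_exfil(parse_config(AGENTTESLA_CONFIG), LOG_LINES):
        print(hit)
```

Unless mail.acpl.net.in is a mail server your organisation legitimately uses, any workstation reaching it on 587 deserves a look, and an AUTH as the hard-coded mailbox is conclusive. The host may well be a legitimate third-party mail server whose mailbox was compromised to receive the stolen data, so the right response is to block egress and notify the domain owner, not to treat the whole domain as attacker infrastructure. The credentials belong to the attacker's drop mailbox; they are indicators, not something to log in with.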
Targets
Target: Sin factura 2021 NOV-INV IX 08945.exe (757KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET remote access trojan (RAT) and information stealer, originally written in Visual Basic .NET, that harvests saved credentials from browsers, mail and FTP clients and exfiltrates them, in this sample over SMTP with the mailbox shown in the extracted config.
Signatures matched for this target:
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation; expect to deobfuscate before the .NET decompiler output is readable.
- Accesses Microsoft Outlook profiles: reads the stored Outlook account settings, which is where the stealer picks up saved mail credentials.
- Suspicious use of SetThreadContext: setting another process's thread context is the classic step of process hollowing, where a suspended child is overwritten with the payload and its entry point redirected before ResumeThread.
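The SetThreadContext signature is worth turning into a sequence-aware check, because the call by itself is also made by legitimate debuggers. As an added example, not code from the report or from the sandbox that produced it, the function below finds the process-hollowing sequence (suspended CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread against the same target) in an API-call trace and leaves a debugger's use of SetThreadContext alone. The trace format, the pids and the name `detect_hollowing` are constructed for the example.

```python
"""Sequence-based process-hollowing detection over an API-call trace."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed sandbox-style trace (not taken from the report): caller pid,
# API name, pid the call acts on, and the one argument the check needs
# (creation flags for CreateProcess*, protection/address elsewhere, else None).
TRACE = [
    # hollowing: create suspended, unmap, allocate, write, redirect, resume
    {"pid": 4012, "api": "CreateProcessW", "target": 4100, "arg": CREATE_SUSPENDED},
    {"pid": 4012, "api": "NtUnmapViewOfSection", "target": 4100, "arg": None},
    {"pid": 4012, "api": "VirtualAllocEx", "target": 4100, "arg": 0x40},
    {"pid": 4012, "api": "WriteProcessMemory", "target": 4100, "arg": 0x400000},
    {"pid": 4012, "api": "SetThreadContext", "target": 4100, "arg": None},
    {"pid": 4012, "api": "ResumeThread", "target": 4100, "arg": None},
    # benign: a debugger attaching to a running process and editing a register
    {"pid": 5200, "api": "DebugActiveProcess", "target": 5300, "arg": None},
    {"pid": 5200, "api": "SetThreadContext", "target": 5300, "arg": None},
    {"pid": 5200, "api": "ContinueDebugEvent", "target": 5300, "arg": None},
    # benign: an ordinary, non-suspended child process
    {"pid": 6000, "api": "CreateProcessW", "target": 6010, "arg": 0x0},
]

HOLLOWING_TAIL = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def _ordered(apis, wanted):
    """True if every name in `wanted` occurs in `apis` in that relative order."""
    pos = 0
    for name in wanted:
        try:
            pos = apis.index(name, pos) + 1
        except ValueError:
            return False
    return True


def detect_hollowing(trace):
    """Return one finding per (caller, target) pair showing the hollowing sequence.

    The target must have been created suspended by the caller, and the write,
    context change and resume must all follow that creation, in order.
    """
    by_pair = defaultdict(list)
    for ev in trace:
        by_pair[(ev["pid"], ev["target"])].append(ev)

    findings = []
    for (caller, target), events in by_pair.items():
        apis = [ev["api"] for ev in events]
        start = next((i for i, ev in enumerate(events)
                      if ev["api"].startswith("CreateProcess")
                      and (ev["arg"] or 0) & CREATE_SUSPENDED), None)
        if start is None:
            continue  # no suspended child: a debugger or plain injection, not hollowing
        if _ordered(apis[start + 1:], HOLLOWING_TAIL):
            findings.append({
                "caller": caller,
                "target": target,
                # unmapping the original image is typical but optional
                "unmapped_original_image": "NtUnmapViewOfSection" in apis,
            })
    return findings


if __name__ == "__main__":
    for finding in detect_hollowing(TRACE):
        print(finding)
```

Keying on the suspended creation is what keeps a debugger out of the results: it calls SetThreadContext on a process it attached to, not one it created suspended and then wrote to. A caller that gets its handle via OpenProcess instead of CreateProcess will not match this rule either; that is plain code injection rather than hollowing and wants its own check.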