Euro invoice.exe

General

Target: Euro invoice.exe
Size: 496KB
Sample: 211125-t6jy5sbbd4
Score: 10/10
MD5: 15f79ec8cfa1ad6c24767d4ca45aa4cd
SHA1: 3b48453cc5680c048880bb0c4f0f19f34fdf1da7
SHA256: 49d22404c910a5bd1b6e13d92bb411b826edfc42fd680cfaa90ffb23ecc3a195
SHA512: 47a0d71ee92b6b34c98a7ce908de5495e83eec21d08994beb267bea12e754235bbd666b5b96e074b1f8fa1457ed23bb02b97ee8c195225825d4a3aa83b129da8

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.vrlogistic.net
Port: 587
Username: support25@vrlogistic.net
Password: support25!@#$

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles

    TTPs: Email Collection

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation