General
- Target: Euro invoice.exe
- Size: 496KB
- Sample: 211125-t6jy5sbbd4
- MD5: 15f79ec8cfa1ad6c24767d4ca45aa4cd
- SHA1: 3b48453cc5680c048880bb0c4f0f19f34fdf1da7
- SHA256: 49d22404c910a5bd1b6e13d92bb411b826edfc42fd680cfaa90ffb23ecc3a195
- SHA512: 47a0d71ee92b6b34c98a7ce908de5495e83eec21d08994beb267bea12e754235bbd666b5b96e074b1f8fa1457ed23bb02b97ee8c195225825d4a3aa83b129da8
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Euro invoice.exe
  - Resource: win7-en-20211014
Behavioral task
- behavioral2
  - Sample: Euro invoice.exe
  - Resource: win10-en-20211014
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: mail.vrlogistic.net
  - Port: 587
  - Username: support25@vrlogistic.net
  - Password: support25!@#$
Targets
- Target: Euro invoice.exe
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext