General

Target: Kommerciel faktura.1-12-2021.exe
Size: 671KB
Sample: 211201-q1va5scefn
MD5: 3b75a68ee1d760c02018a9713749a308
SHA1: 4e7c21ac262daf128491a3536ee0465462f25d01
SHA256: a4d3d2100382df9f112a4c56a6487e3d7553e93f1bc819f5241a51364968ed9e
SHA512: 223037e55a2ef0498e0821f69af321519d4ab9ee74178485320a37617ab3df6967a663d6b2e9439d9a49cc6d486446ab314808e86d325226d0ea9f3ec9106822
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: Kommerciel faktura.1-12-2021.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Kommerciel faktura.1-12-2021.exe
  Resource: win10-en-20211104
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.renovateme.gr
Port: 587
Username: [email protected] (address obfuscated in the page capture)
Password: playboy123@

These are the operator's SMTP exfiltration credentials: in its SMTP mode Agent Tesla mails the stolen data to this mailbox, so the host and port above are the network indicators for this sample, and the credentials identify the collection account rather than a victim.
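The following is an added example and not part of the sandbox report. It turns the report's indicators (the SMTP exfiltration host and port, and the sample hashes) into two checks a responder would actually run: a hash match against a file's bytes, and a scan of Sysmon-style DNS (Event ID 22) and network-connection (Event ID 3) records for traffic to the exfiltration endpoint. The log records, the victim path and the mail-client allowlist are constructed assumptions; the obfuscated username and the mailbox password are deliberately not used as indicators.

```python
"""Added example (not from the sandbox report): turn the report's Agent Tesla
IOCs into a file-hash check and a Sysmon-style event scan.
All event records below are constructed for illustration."""
import hashlib

# Copied from the report. The SMTP username is obfuscated in the page capture
# ("[email protected]"), so host and port are the only usable network
# indicators; the mailbox password is intentionally not treated as an IOC.
EXFIL_HOST = "mail.renovateme.gr"
EXFIL_PORT = 587
SAMPLE_HASHES = {
    "md5": "3b75a68ee1d760c02018a9713749a308",
    "sha1": "4e7c21ac262daf128491a3536ee0465462f25d01",
    "sha256": "a4d3d2100382df9f112a4c56a6487e3d7553e93f1bc819f5241a51364968ed9e",
}

# Assumed allowlist of legitimate SMTP submission clients (hypothetical, tune it).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def matching_digests(data: bytes, table: dict = SAMPLE_HASHES) -> list:
    """Return the names of the digests in `table` that `data` reproduces.

    A hit on any single algorithm identifies the bytes as the analysed sample.
    """
    return [name for name, expected in table.items()
            if hashlib.new(name, data).hexdigest() == expected.lower()]


def flag_exfil_events(events: list) -> list:
    """Return (EventID, Image, reason) for records tied to the exfil endpoint.

    Event 22 is matched on the queried name, which is the reliable signal.
    Sysmon fills DestinationHostname in Event 3 from a reverse lookup that is
    often empty or differs from the name the malware resolved, so Event 3 is
    also matched on SMTP submission (port 587) from a non-mail-client image.
    """
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        exe = image.rsplit("\\", 1)[-1].lower()
        if eid == 22 and ev.get("QueryName", "").lower().rstrip(".") == EXFIL_HOST:
            hits.append((eid, image, "dns query for exfil host"))
        elif eid == 3:
            host = ev.get("DestinationHostname", "").lower().rstrip(".")
            port = int(ev.get("DestinationPort", 0))
            if host == EXFIL_HOST:
                hits.append((eid, image, "connection to exfil host"))
            elif port == EXFIL_PORT and exe not in MAIL_CLIENTS:
                hits.append((eid, image, "smtp submission from non-mail-client"))
    return hits


# Constructed records loosely following Sysmon Event 22 / Event 3 fields.
# The Downloads path is hypothetical; the IPs are documentation addresses.
SAMPLE_EVENTS = [
    {"EventID": 22, "Image": r"C:\Users\victim\Downloads\Kommerciel faktura.1-12-2021.exe",
     "QueryName": "mail.renovateme.gr"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\Kommerciel faktura.1-12-2021.exe",
     "DestinationHostname": "", "DestinationIp": "192.0.2.10", "DestinationPort": 587},
    {"EventID": 22, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "QueryName": "outlook.office365.com"},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationIp": "192.0.2.20",
     "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "update.example.net", "DestinationIp": "192.0.2.30",
     "DestinationPort": 443},
]


if __name__ == "__main__":
    for hit in flag_exfil_events(SAMPLE_EVENTS):
        print(hit)
    print("digest hits for dummy bytes:", matching_digests(b"not the sample"))
```

Running it flags the two constructed events from the dropped executable (the DNS query and the port-587 connection with an empty reverse-lookup hostname) and ignores Outlook's own submission traffic. Because the report also flags SetThreadContext, the real network events may carry a different Image than the dropped file, which is why the rule keys on the endpoint rather than the process name.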
Targets

Target: Kommerciel faktura.1-12-2021.exe (671KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in .NET (Visual Basic). In practice it operates as a keylogger and credential stealer, and the config extracted from this sample shows it exfiltrating over SMTP.

AgentTesla Payload
The Agent Tesla payload was identified in the sample.

Accesses Microsoft Outlook profiles
The sample reads stored Outlook profile data, consistent with Agent Tesla's harvesting of saved mail-client credentials.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another process is a hallmark of process hollowing, so the payload's network activity may originate from a process other than the dropped executable.