General
Target: proforma invoice packing list.7z
Size: 596KB
Sample: 211201-rnf4esfhc7
MD5: fc17d1c66efb0295841b8c3e98e43585
SHA1: e496ed84f3881020d3a2a191d82d19906a2be70b
SHA256: e53e055f73bf831b81bdfbfebd66fa4168a637322af475e226d1d591cf49127c
SHA512: 65cf315aa0614f4289a7e84d7bb120acb8e2917f17058eac8047a2fff5af613346264c83565b5a6299197aa743649bba52b89ee698bc4762241cdcbd6bf8711a
Static task: static1

Behavioral task: behavioral1
Sample: proforma invoice packing list.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: proforma invoice packing list.exe
Resource: win10-en-20211104
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2129831935:AAFsDWWUF1IwkP0mys1D0YX41mjPAs-L-eU/sendDocument
Targets
Target: proforma invoice packing list.exe
Size: 634KB
MD5: 48fb8e04e65715d3b3061ae94cd2c05d
SHA1: 3b902deb417733907561e79706a4834e754231b7
SHA256: e5f9ad28d453a801995d0505222189cfcb86ea7baa429979c21f85ca11adf7fc
SHA512: c7213cc8e34fca207a3f01f3f3d79a502345f576d32361465f899f68758e29d301491ad4d96fba83c7bdeff66cf3bd4dc79663654501f426b8e58122b3f27eb6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext