General
Target
proforma invoice packing list.exe
Size
634KB
Sample
211201-rnf4esfhc8
MD5
48fb8e04e65715d3b3061ae94cd2c05d
SHA1
3b902deb417733907561e79706a4834e754231b7
SHA256
e5f9ad28d453a801995d0505222189cfcb86ea7baa429979c21f85ca11adf7fc
SHA512
c7213cc8e34fca207a3f01f3f3d79a502345f576d32361465f899f68758e29d301491ad4d96fba83c7bdeff66cf3bd4dc79663654501f426b8e58122b3f27eb6
Static task
static1
Behavioral task
behavioral1
Sample
proforma invoice packing list.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
proforma invoice packing list.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot2129831935:AAFsDWWUF1IwkP0mys1D0YX41mjPAs-L-eU/sendDocument
Targets
Target
proforma invoice packing list.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext