General
- Target: Proforma Invoice.iso
- Size: 330KB
- Sample: 211202-qgjqasggdm
- MD5: 15e334bb8feea661b040b3f375368e2e
- SHA1: 8fff367d07098b5f087f727a12ef5b4baa64f3fd
- SHA256: 5c192f1bdfd5def094b21193855d943ceb15cf7a9a57621b1ceac8c186ad0fc1
- SHA512: 73462a67a57044c8a324932c1bfa9b2f4d749501617687c25d9b9eabe80cc17b716c8ce6ae456d1380d16722d54ece26ace1d418931cda6b300e76d28764a2f4
Static task
- static1
Behavioral task
- behavioral1 (Sample: Proforma Invoice.exe, Resource: win7-en-20211014)
Behavioral task
- behavioral2 (Sample: Proforma Invoice.exe, Resource: win10-en-20211104)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.croatiahunt.com
- Port: 587
- Username: info@croatiahunt.com
- Password: VilaVrgade852
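The extracted SMTP configuration is the sample's exfiltration channel, so the host and the mailbox address are the network indicators worth hunting for; the password is not an indicator and should never be used to log in to that mailbox. The following is an added example, not part of the sandbox report, that parses the report's "Key: value - Key: value" config rendering into indicators and runs them over a handful of constructed Zeek-style tab-separated SMTP connection records (the log field layout is an assumption made for the example, and the log lines are invented; only the configuration values come from the report).

```python
"""Turn the AgentTesla SMTP config from the report into indicators and scan logs.

Added example; the configuration values are from the sandbox report, the log
records below are constructed and the field layout is an assumption.
"""
import re
from dataclasses import dataclass

# Verbatim text of the report's "Malware Config" block, joined onto one line.
TRIAGE_CONFIG_TEXT = (
    "Protocol: smtp - Host: mail.croatiahunt.com - Port: 587 - "
    "Username: info@croatiahunt.com - Password: VilaVrgade852"
)

# Constructed sample records (assumed Zeek-like TSV; not from the report).
LOG_FIELDS = ("ts", "uid", "src_ip", "src_port", "dst_host", "dst_port",
              "proto", "mailfrom", "rcptto")
SAMPLE_LOG = """\
1638447602.1\tCxq1\t10.0.0.5\t49731\tmail.croatiahunt.com\t587\tsmtp\tinfo@croatiahunt.com\tinfo@croatiahunt.com
1638447610.4\tCxq2\t10.0.0.7\t49801\tsmtp.office365.com\t587\tsmtp\tuser@corp.example\tpartner@example.net
1638447620.9\tCxq3\t10.0.0.5\t49744\tMAIL.CROATIAHUNT.COM\t587\tsmtp\t-\t-
1638447630.0\tCxq4\t10.0.0.9\t49900\tmail.croatiahunt.com\t25\tsmtp\tsomeone@other.tld\tx@y.z
"""


def parse_triage_config(text: str) -> dict:
    """Parse 'Key: value - Key: value' pairs into a dict with lower-cased keys."""
    pairs = re.findall(r"(\w+):\s*(.*?)(?=\s+-\s+\w+:|$)", text)
    return {key.lower(): value.strip() for key, value in pairs}


@dataclass(frozen=True)
class SmtpIoc:
    host: str      # exfiltration mail server, lower-cased for comparison
    port: int      # port the sample was configured to use
    username: str  # mailbox the sample authenticates as (and mails to itself)


def iocs_from_config(cfg: dict) -> SmtpIoc:
    """Keep host, port and username; the password is deliberately dropped."""
    return SmtpIoc(cfg["host"].lower(), int(cfg["port"]), cfg["username"].lower())


def parse_log(text: str):
    """Yield one dict per non-empty, non-comment TSV line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield dict(zip(LOG_FIELDS, line.split("\t")))


def scan(log_text: str, ioc: SmtpIoc) -> dict:
    """Return {uid: [reasons]} for every record touching the exfil channel.

    Host matches are case-insensitive, and a match on a different port is
    still reported (operators move ports), just with a distinct reason.
    """
    alerts = {}
    for rec in parse_log(log_text):
        reasons = []
        if rec["dst_host"].lower() == ioc.host:
            same_port = int(rec["dst_port"]) == ioc.port
            reasons.append("c2_host_port" if same_port else "c2_host_other_port")
        if ioc.username in (rec["mailfrom"].lower(), rec["rcptto"].lower()):
            reasons.append("c2_mailbox_address")
        if reasons:
            alerts[rec["uid"]] = reasons
    return alerts


if __name__ == "__main__":
    ioc = iocs_from_config(parse_triage_config(TRIAGE_CONFIG_TEXT))
    for uid, reasons in scan(SAMPLE_LOG, ioc).items():
        print(uid, ", ".join(reasons))
```

Matching on the mailbox address as well as the host catches the case where the operator later points the same credentials at a different relay, which is why the username, not the password, is kept as an indicator.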
Targets
- Target: Proforma Invoice.exe
- Size: 269KB
- MD5: 42c08daca71ce2bf1fcabb9d086ef74d
- SHA1: c208ce6676726ac3640f5b8abb86694e5e2869bf
- SHA256: 96a5aa93e408361cc695ac8e9cdc3535c64bfd88b9ab60535683ddc488289eda
- SHA512: ea6ed2c0f5f5d92bb3cb7707e136c0f00d36fde3db0a96461a8a997e0c9796d23ad6af9279a7675c927f3ea13fc90f98a032080574284060e4dcee3107a9ccdb
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; its builds are commonly written in Visual Basic .NET or C#.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext (rewriting another thread's context is the usual way injected code in a suspended process is handed execution)