General
Target: SALES INVOICE-CINV-00095891.exe
Size: 546KB
Sample: 211202-rrw9tacgd4
MD5: 7fb60726a32580224bbe792404c89b03
SHA1: bc1d157f57b8137d266fbb7e10c59d7d5592630d
SHA256: 009e42eeca36392c1e89ae2f75ee45d7e3fc71cadc7d2103d44a98657a6bc471
SHA512: 4b809ee1c5ec3b1724dc37fef637bc6ee6744078e50315df79b962abf33b2e43f56264467ad189921df1f03846b9cff386d38ebc267287f4018a8ab9e07dbb6c
Static task: static1
Behavioral task: behavioral1
  Sample: SALES INVOICE-CINV-00095891.exe
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: SALES INVOICE-CINV-00095891.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.elastopolytec.com
Port: 587
Username: sales@elastopolytec.com
Password: id184@2014
Targets
Target: SALES INVOICE-CINV-00095891.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext