General
- Target: PROFORMA INVOICE.exe
- Size: 486KB
- Sample: 211204-m1ptwaahbm
- MD5: 6c89c107d5abc79f9424f1434cd78b71
- SHA1: 00464748959d50ec098ebfd560f9db6c1c06d99d
- SHA256: 0b6699f6538fb1030ad665168012930e2369f6442a0b81a2486cd05c9f8614f4
- SHA512: e1405a1a7b74299b0d38c5b4a6119af077ba7cf04775d653cca1a7953f104156533ebccc0c102ecccbff3b8d388312e555f28c238e3154bb1ff55a62e94aca0c
Static task
- static1
Behavioral task
- behavioral1
  - Sample: PROFORMA INVOICE.exe
  - Resource: win7-en-20211104
Behavioral task
- behavioral2
  - Sample: PROFORMA INVOICE.exe
  - Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.khawambros.com
- Port: 587
- Username: [email protected]
- Password: 1EJRh0xnEN549JSbdZHz
Targets
- Target: PROFORMA INVOICE.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext