General
Target: 1cdf68d4da8c8620d40cf6692a2aa0e1b6b67952c3a506370573ca4925b97907
Size: 388KB
Sample: 220520-21dtyabcfr
MD5: aee87f828f332937b0a1216e514ff59b
SHA1: 86a931c132009fd7b1a3bfdc1f6558129315565e
SHA256: 1cdf68d4da8c8620d40cf6692a2aa0e1b6b67952c3a506370573ca4925b97907
SHA512: b3f700aa6f840cc1e6407f540a09cb74ce4cd85bebb121051dad13bf527bcbdbfcfdd7de79351c9059f60d1a30a0a6e54207bd3ac99c69e585c320a1e15f3f81
Static task: static1
Behavioral task: behavioral1
  Sample: Transfer Invoice's .exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Transfer Invoice's .exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.imacdeveracruz.com
  Port: 587
  Username: [email protected]
  Password: Nal02ti*
Targets
Target: Transfer Invoice's .bat
Size: 429KB
MD5: 0fff5b73038ac38162236a9d1545a3d3
SHA1: 38bdb5b9f1098aaab60f77792eddf1acebd8b63d
SHA256: e1edaeafb526cd694a3f293cf47ad4bdb832cc0c6d697a1f386d0f9b63dcd152
SHA512: 4751d9307abfde72cf49c20f87930d4edd904b48c6376ba052f119cdc52bcd51a4ac4aee99e84ee2809532bc539c0f56d1157d23e396c19fc03ff9ff50435ea2
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext