General
-
Target
929a5df7a7cc472c185dbd435cef122ab7a881df22ae5386f347df2215a9ff4f
-
Size
513KB
-
Sample
220520-3ev2rsggd8
-
MD5
44917afb015ced4a663186869dd5d68c
-
SHA1
1ec470cc78a3679251ede3b2f460dec1929a3aa2
-
SHA256
929a5df7a7cc472c185dbd435cef122ab7a881df22ae5386f347df2215a9ff4f
-
SHA512
790a8f41e9804f30367eff0f4cc8c4f6684850f27f2fdb4454f0734cfff3a16d7837c494f7e0bd6280c028542d1eeccc529d49720392d5dceca8c98fe5281dc7
Static task
static1
Behavioral task
behavioral1
Sample
invoice.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
invoice.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.tiig-eg.com
Port: 587
Username: [email protected]
Password: servicelorch
Targets
-
Target
invoice.exe
-
Size
717KB
-
MD5
baab32134f7437976951e908d5b70f6a
-
SHA1
71558fed91f3352d261b07b9985358ebc58e5756
-
SHA256
e2cbded6f889f93a08c2889a5c93385b3b58a569169c17cf08fc667fa8869021
-
SHA512
d009b2d683b29ac8374cad52ec9596d8f52eb12b695a46a6b9065f51c62954113e4f8d034a67bc9d1f23c3ca0b168e1446f5895bbfc7e41f87f95beab7896c17
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT) that exfiltrates captured data over channels such as SMTP; the config extracted above gives this sample's SMTP server, port and credentials.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
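The behaviours listed above map onto host telemetry a defender can alert on. The script below is an added example, not part of the sandbox report or of any tool the page describes: it turns the report's signatures into rules over Sysmon-style events and counts how many of them one process image trips. The C2 host and port come from the extracted config on this page; the event lines, paths, SID and user name are constructed for illustration and use a simplified key=value rendering rather than Sysmon's real XML schema. SetThreadContext itself is not a Sysmon event, so the last rule flags the usual observable side effect of hollowing (a process spawning a copy of itself) and should be treated as a weak heuristic.

```python
"""Added example: detection logic for the behaviours in this report.

Not the sandbox's code.  Events below are constructed; the field layout
is a simplified key=value rendering, not the real Sysmon XML schema.
"""
import re
from collections import defaultdict

C2_HOST = "mail.tiig-eg.com"   # from the extracted AgentTesla config above
C2_PORT = 587                  # from the extracted AgentTesla config above

# Constructed Sysmon-like events (EventID then key=value pairs).
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "ParentImage=C:\\Windows\\explorer.exe",
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "ParentImage=C:\\Users\\victim\\Downloads\\invoice.exe",
    "EventID=13 Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\invoice "
    "Details=C:\\Users\\victim\\AppData\\Roaming\\invoice.exe",
    "EventID=11 Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "TargetFilename=C:\\Windows\\System32\\drivers\\etc\\hosts",
    "EventID=3 Image=C:\\Users\\victim\\Downloads\\invoice.exe "
    "DestinationHostname=mail.tiig-eg.com DestinationPort=587 Protocol=tcp",
    # Benign noise: a registry write that is not a Run key (must not fire).
    "EventID=13 Image=C:\\Windows\\System32\\svchost.exe "
    "TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Services\\BITS\\Start "
    "Details=DWORD (0x00000002)",
]

# key=value pairs; a value runs until the next " key=" token or end of line,
# so values containing spaces (e.g. "DWORD (0x00000002)") survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Parse one constructed event line into a dict of its fields."""
    return dict(FIELD_RE.findall(line))


def _f(event, key):
    return event.get(key, "")


# One rule per signature in the report.  Each takes a parsed event and
# returns truthy when the behaviour is observed.
RULES = {
    "Adds Run key to start application": lambda e:
        _f(e, "EventID") == "13"
        and re.search(r"\\Windows\\CurrentVersion\\Run\\", _f(e, "TargetObject"), re.I),
    "Drops file in Drivers directory": lambda e:
        _f(e, "EventID") == "11"
        and re.search(r"\\System32\\drivers\\", _f(e, "TargetFilename"), re.I),
    "Connects to extracted SMTP C2": lambda e:
        _f(e, "EventID") == "3"
        and _f(e, "DestinationHostname").lower() == C2_HOST
        and _f(e, "DestinationPort") == str(C2_PORT),
    # SetThreadContext is not logged by Sysmon; a process launching a copy
    # of itself is the common side effect of hollowing (weak heuristic).
    "Self-spawn (possible SetThreadContext hollowing)": lambda e:
        _f(e, "EventID") == "1"
        and _f(e, "Image").lower() == _f(e, "ParentImage").lower(),
}


def triage(lines):
    """Return {behaviour: [image, ...]} for every rule that fired."""
    hits = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        for name, rule in RULES.items():
            if rule(event):
                hits[name].append(_f(event, "Image"))
    return dict(hits)


def behaviours_per_image(hits):
    """Count distinct behaviours per process image: the more of the
    report's signatures one binary trips, the stronger the verdict."""
    per_image = defaultdict(set)
    for name, images in hits.items():
        for image in images:
            per_image[image].add(name)
    return {image: len(names) for image, names in per_image.items()}


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for name, images in found.items():
        print(f"[+] {name}: {', '.join(images)}")
    print(behaviours_per_image(found))
```

Registry reads such as "Accesses Microsoft Outlook profiles" are not covered because Sysmon logs registry writes, not reads; that signature needs EDR or API-level telemetry. The SMTP credentials in the config belong to a compromised mailbox and should be reported and blocked, not reused for testing.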