General
Target: bf299628481941528459ce681df6b267ccf6ed6053a0e68a897d82bc94541574
Size: 409KB
Sample: 220520-3wjeashfc2
MD5: 6b7f7a81b81c5c56378bf430505619fb
SHA1: 2b99688d6086c4d3f71ecab7a72a703cf7d8297e
SHA256: bf299628481941528459ce681df6b267ccf6ed6053a0e68a897d82bc94541574
SHA512: d437e09cd2936c43c43c347526e11c2ea152395c3c78c6d58a85c851c39d59b0a179efedb19cedac82f82d63ff29ebeae587cba4e8cb068a4782bd913f88f4b7

Static task: static1

Behavioral task: behavioral1
Sample: TNT Original Invoice PDF.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: TNT Original Invoice PDF.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.lacore.ee
Port: 587
Username: [email protected]
Password: MBla354X
Targets
Target: TNT Original Invoice PDF.exe
Size: 458KB
MD5: b4ac951ff6e00921270323cd1ed651a7
SHA1: 03fef764aa4a0086b6d32c65ba663ad0ae69461a
SHA256: 38bfcdf30a0a9e9bfb1e7d0f409dea1a387b20864bdaee25b072b0fc040f57ae
SHA512: 5772e96d025dd57606de0eb022abdc4d6c162be639ce4171dd743d2c8cc7f6e3712501034a2620fbcb8e6de890dcdc3e4bbb427cf4751af2fbf727585bc07ea7

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext