General
Target: 3813604e8e95d103d9b043bac7e58998a3baaef911381bca8b9fa394a95971aa
Size: 520KB
Sample: 220521-a1azhaeafr
MD5: c8a175734c532186fb8bbb4dd268dc58
SHA1: 36f63d1d15186fde07d8dfd35e55817084ce7261
SHA256: 3813604e8e95d103d9b043bac7e58998a3baaef911381bca8b9fa394a95971aa
SHA512: 7887b6d2e9a6ff9ca0f38e01dd77d8cb368db19e91ba69c75c6a1d6efc8a7c0c1a68ac85fba74dd5797bc407292b44e4512ff373c8a4d32426c88c9c4bd76187
Static task: static1
Behavioral task: behavioral1
  Sample: INVOICE.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: INVOICE.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: pmoneyboy994
Targets
Target: INVOICE.exe
Size: 769KB
MD5: 444aa620930ed939f02eaef37aeaa652
SHA1: 38bc95572aad69b25b6226d680c29dfc93e62d52
SHA256: 14667a81f8e7bc2110dd79dcc786f9dc6aafb5cb5160b446234b652e8384dc55
SHA512: 7db50d7491dd680c241a5d9aca787f0c819ebe7694b3b7225cefa9b5e0cd557943c01e42600c28e7ab143326b3f3237ecebed4a5d826912d702ffac65b0d36ca
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext