General
Target: cf980c681de9ef7552868b716564423a184143583de8e5cdb8fbd1436670fa09
Size: 273KB
Sample: 220521-b2sflsfhgn
MD5: 55348c4955c6e0c4e7f862685908dfa3
SHA1: 3405ddbca394b0b1beda3dc8714e560cd7b41c97
SHA256: cf980c681de9ef7552868b716564423a184143583de8e5cdb8fbd1436670fa09
SHA512: ea6d8c66b6588ca4a41984b0fae6e61811fd8b3cbd51d76bd760affc0229dea4e24a673351544e4f0edfdee8e3ee859475638d8fe5b807f7fcef0ae9cfe6b605
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice 20202009.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Invoice 20202009.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: ALIbaba123
Targets
Target: Invoice 20202009.exe
Size: 533KB
MD5: 1df80d2189433786f08c70a32b678860
SHA1: 2096e292dd3e3faf4b6cfd7b154eea748c7b4d7c
SHA256: 680d3d9d9c5decfb81b62a3583ebf89faea5cfe8c6fe5d34494cc8a065f21ba1
SHA512: 73a1f06e279ed911542545d3be88030e00cceae69347eaba2f79f9c8d7bfc45fa21f2e1a462e28857ed522dfad53c1c3f78ae88823b14dd1d3447f4db8aaeae2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext