General
Target: f1603b5c4886015d2814038adba0f7f58c03f9226e2ba938f916d4dedcc10f8f
Size: 485KB
Sample: 220521-bjrrcsehhq
MD5: e11f45b93f0fd58cbd485bbb5460c81b
SHA1: a5bdbb978100bf7b31bd47e6aa8dad3a957326dc
SHA256: f1603b5c4886015d2814038adba0f7f58c03f9226e2ba938f916d4dedcc10f8f
SHA512: a63003cd6348ce286de1184dd4bb018955080102ec1e1461bbb9369c7a650f788d36222471cd3d4b3fa7dde51e3306dd6ee09c523632b96109e2d49f2e09ba0a
Static task: static1
Behavioral task: behavioral1 - Sample: INV.exe - Resource: win7-20220414-en
Behavioral task: behavioral2 - Sample: INV.exe - Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: ezesundayngma
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: ezesundayngma
Targets
Target: INV.exe
Size: 853KB
MD5: 38670fbeb0f4e40e3f76149027ebe5fa
SHA1: 80d1f1a7b469676b66b0c98bcaec5410470b0e99
SHA256: c8613cbe02f1e23ab87fcce103efa89cc8da78705c42ca373fa45f3d213b9f5a
SHA512: c6f30a191e6a2fe83e7ded892cbecb8d4ed1d4c778b8e3d5f083a311aad4c40f951016c8576e4454e8a7f52fd70e75a0b43629e034c9334508740cee6fd889bc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops startup file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext