General
Target: 162f1e6e446fb3689f7b35393de3a2a781dc4f1e018611ab88ce9b781fa1d847
Size: 707KB
Sample: 220521-bksp2scab8
MD5: a02b13739448e08eacfcf1fa131f82f8
SHA1: 15d4a96edd1146393f6736450c1558fb168e7d8c
SHA256: 162f1e6e446fb3689f7b35393de3a2a781dc4f1e018611ab88ce9b781fa1d847
SHA512: abe32e6d85264e3dad437624714788621b2bfdfb28e8d188ad0e09b404a79e0a2ba1782701145dacf0ac5f591685ae1896bb8d3f3a392ada9921a50753fc5a63
Static task: static1

Behavioral task: behavioral1
Sample: Tax_Invoice (965496112).exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Tax_Invoice (965496112).exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.kemyo.lk
Port: 587
Username: [email protected]
Password: YWNZL%x)7o6r(^nPeV5qsQy^
Targets
Target: Tax_Invoice (965496112).exe
Size: 1.0MB
MD5: d047bd852813fb0cd3f93bc0bacaabdd
SHA1: 722d6893f02d1fd0b44e5d20cc0e1ae43934dd4d
SHA256: 254920e6788f4cb4975f08c5deef07e932f4a370a38c5197d7a4fb7846ea63ae
SHA512: 56433badc741031b41a1842181ea9ada0e35d92651ae8fa3d1f21663e3f8218a1810d4ceed399489e181a5ff60f317729a2e7a3db32437d52188d74cfa0b3790
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext