General
Target: 173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f
Size: 339KB
Sample: 220521-bx49lsfgan
MD5: 2083aba03e226d7fb05b90d1c725ff6f
SHA1: 661eeb730c63487adb853157f8491ae895065b78
SHA256: 173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f
SHA512: 560cd9ae2e94fdddf61319c2d5a6e86b6cd0cb53b5722a90cf0eccdf60cc14cd7b6b5a7bd85626bd7bfe7f6f0b43eecadcb30f3a198b4f5ec3e9a5228d1df969
Static task: static1
Behavioral task: behavioral1
  Sample: New Invoice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: New Invoice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: js}$_IlwF1q4
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: js}$_IlwF1q4
Targets
Target: New Invoice.exe
Size: 380KB
MD5: 4d8a5a46678a71f749136077b0c37124
SHA1: 35f39c9216f11a2e8a6a5df78ade47b8c653c9f9
SHA256: c37040b100e234734d7e3c86f6de4eeafb4b07096c57cb37d2717aa37a64f330
SHA512: ab157a836ad9c578e1846f575ab18989b238e38833efca3e33179049b82778c9aa52e5ce6185d9eaafe2a4ad75c3423d203fa084757daa97e6ff61757bac5842
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext