General
Target: acaafec2c66c3ce56515b130be895f92127e7ab8da15f4f46c08c4a9374b796e
Size: 472KB
Sample: 220521-csxveahebm
MD5: 412d6ac8072ca72973e55923d45c40ee
SHA1: 1a6afe76033c8bcfa6bf4706483a913a9278a1e8
SHA256: acaafec2c66c3ce56515b130be895f92127e7ab8da15f4f46c08c4a9374b796e
SHA512: 34d4291abe9c266c5dd6beb6e1a4b3c95cebe4fd13fb642aafbf2342174a7ab3b91d002423f368251a284b4558f3833e2f1b129dd8b1d8edf62011f3003bf944
Behavioral task: behavioral1
Sample: Invoice 20200407.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Invoice 20200407.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: result.package@yandex.ru
Password: Blessing123
Targets
Target: Invoice 20200407.exe
Size: 522KB
MD5: ae4e6d5d77d778c2f3b7ddcd7ca8b572
SHA1: fc61df4c2c91fc0985d6efd8ead3210f5936e7b3
SHA256: caaa4cc129eafbe57a597050e290a56fc724309017bb28276e53f2f1496bf1db
SHA512: 1ff059cfdcef81282ed7d2bea2aa7815f0aacc2096b30df3e654041acc8a4f299e0e32b1ba5d18a3e45e6bbf69601065c1f5e162cde63cc34ae664d2f7fc58cf
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext