General
-
Target
9ed1b17b8717cd7a328371f00d2fe82ef438238af60adac9694e959bbd370ae0
-
Size
358KB
-
Sample
220521-cw7h1sefa8
-
MD5
3ad0a9ed89891bb9b2eb13469de4f135
-
SHA1
661be189a03f0048dfa5a23ca5f4306db9b04761
-
SHA256
9ed1b17b8717cd7a328371f00d2fe82ef438238af60adac9694e959bbd370ae0
-
SHA512
4caf74c076f9522f0834e482482a762b6ae2ab06e987d9deb826b7d67f468d43a1254f9da00aa68a9648bcb333dfd529dbe64eec01ed8de4c00846b1c6228da3
Static task
static1
Behavioral task
behavioral1
Sample
Proforma Invoice.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Proforma Invoice.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.nilgirisfoods.com
Port: 587
Username: [email protected]
Password: Nil@GiriS1092
Targets
-
-
Target
Proforma Invoice.exe
-
Size
430KB
-
MD5
f9df7150ae8af1dbefeb613fc554d33d
-
SHA1
57a4211dc059cf771ef2ab435352dc55ae199564
-
SHA256
659860f4cb27298c634c4c5a398f784d138b704202ed793a463858552e161da4
-
SHA512
eed7d05a66c8e61744d2d18e07d1b4ace098d687a5850b1e709231283650ebe76f7cf41337a0ca449210f591ed9e3346e492649f096d29af8f9d649b04e4cd30
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-