General
- Target: 95b65ada224cd186bdfbd7542feb9ff3383a5794e4885c8284fd94946cb8f701
- Size: 450KB
- Sample: 220521-nerl1sgfhn
- MD5: 3332da516455861314572804ca83ebb0
- SHA1: c2f4b4653b3fd4a6ae96c3cbaa4dc8fbfbbf5d1f
- SHA256: 95b65ada224cd186bdfbd7542feb9ff3383a5794e4885c8284fd94946cb8f701
- SHA512: a1f5017bf3873298e9e2d88647ae5461b884fd8d32210837485960216264d2f5520482aedaebc174d6e448929fa976fc1406071c2dd27501af356b751126f532
Static task: static1
Behavioral task: behavioral1
  Sample: Invoice po.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Invoice po.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.albaniandailynews.com
  Port: 587
  Username: [email protected]
  Password: 125875.jUkT
Targets
- Target: Invoice po.exe
- Size: 502KB
- MD5: 336d033b63278f41d919d5e9944a9d9d
- SHA1: cfa013de2ef8b542054068ab2aeaa584945634f5
- SHA256: 0f2a2c10ccdece91433063d992b2a24a316db4e1f8d2dc8f6c532fe48e0e1946
- SHA512: bde06b6efde5a982d43f52b95532ba0f89d87cfe1c0c06f3e2757fdc792a7e5452906a8b5cb4f04322d33af43de0ad991465e97c789f4702f1e8fb34286394a3
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext