General
Target: c01d75ddb4949e60dd1353373e1bb00b2821a6d95d3547614ec6cec2a074c293
Size: 495KB
Sample: 220521-nxltgshdbr
MD5: 06a44b9bb879a93b6fc9be9d664bde62
SHA1: 2f84e43b0024b0ec22b46b45f9a4c02ee30b6133
SHA256: c01d75ddb4949e60dd1353373e1bb00b2821a6d95d3547614ec6cec2a074c293
SHA512: b6d6b1233433817275cc0ef8d7cf1fe6347e6ff8cf5ea551e265b005e62cf7cf7950467ad0895f562fd9a0d672c62bfac732f8910c9fd3aac9f5c317b7d59563
Static task: static1
Behavioral task: behavioral1
Sample: Inv3542.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Inv3542.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.lafenwaosiberu.com
Port: 587
Username: anumba.c@lafenwaosiberu.com
Password: perpetua
Targets
Target: Inv3542.exe
Size: 799KB
MD5: 877137d28e4b224e0f835eb25dbad93e
SHA1: c515c0f2405f5e082cb06b551166e951fdcf7fa3
SHA256: ee7d22a474155d5a7b3e6fd89bee93170b4da713db4b65ad6252ef6a73636598
SHA512: d90e54a323914f1351a9dba7a039470877e290cea530044e483f13c3f4117b9f5f9f15f1341c6730fa23e77c01ac52365cd59923984bc352f477f146286f7109
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext