General
- Target: 666c965436669b81b5b36f6489ab29fcd91297cc0d131e55e906251537fa9533
- Size: 328KB
- Sample: 220521-nxz14shddp
- MD5: 42a4a8d3ca9c025eababc30774afbe3e
- SHA1: 4fa8f70ed35bda5a40d419e4144a6041289d8dac
- SHA256: 666c965436669b81b5b36f6489ab29fcd91297cc0d131e55e906251537fa9533
- SHA512: 9c812e308fcc9d2f7eafe1f656770252d842ed1e850a8b41eddcec5f778f6e985cf0221c1af4246750ad51e3217f1acc23e52812ae3c85ac3b89bd6a8473c7ee
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICE.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: INVOICE.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.ionos.es
- Port: 587
- Username: correo@instaladorsegui.com
- Password: EWP552255EWP
Targets
- Target: INVOICE.exe
- Size: 383KB
- MD5: 7d1b04f3a1b7a6f5ff58c5a1cf9bc698
- SHA1: eab2227fe60fe47c727552cc9ec34757587d017f
- SHA256: ddf0e82231f5acc5e5e024555cf900b3f374cfbc55be09e3c0fb430deb59ea79
- SHA512: 2e2f8a96754ea4e38b692336d1f086a617c2def43265e865ef79691a21a0ddb7b39fa1f0526d8376645f249ba4365f01248a3bb516dff34873d55e90f14740bf
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext