General
-
Target
491c8c295ce14c9a30a4e0be73835cd7b346e33b20e38d6db1977bbfd2beb285
-
Size
1.2MB
-
Sample
220521-pl2k8sfeh5
-
MD5
4e291d9665d500a45caf8e9a4975d87a
-
SHA1
3196ad2e14502988736344857aa6c5843ecaf912
-
SHA256
491c8c295ce14c9a30a4e0be73835cd7b346e33b20e38d6db1977bbfd2beb285
-
SHA512
783ebe549f0589a594df0ceee7f1dc2485dfea061788cbf17c8dbe5d58ee7fe5d70b86fb509addf2a09ca287e33c01f4f05176eb5f5a78b232425aaa0e01383c
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
INVOICE.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.ionos.es
- Port: 587
- Username: info@theunitysoft.de
- Password: 77*TeneFe!23*montana
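The extracted config is the most directly actionable part of this report: the SMTP host, port and sender account are what the sample will use to exfiltrate stolen credentials. The following is an added example (not part of the sandbox output) that parses the "Extracted" block exactly as it is rendered above, rebuilds the key/value pairs, and runs the resulting indicators over a small constructed set of egress mail-connection records; the log format (timestamp, source IP, destination host, port, MAIL FROM) is an assumption made for the example.

```python
"""Turn the AgentTesla SMTP exfil config from the report into hunting logic.

Added example; the sandbox report itself ships no code. The RAW_CONFIG text
is the report's "Extracted" block, the SAMPLE_EGRESS records are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# The "Extracted" block copied from the report, including the line breaks the
# report rendering put inside the key/value pairs.
RAW_CONFIG = """Protocol: smtp- Host:
smtp.ionos.es - Port:
587 - Username:
info@theunitysoft.de - Password:
77*TeneFe!23*montana"""

# Constructed egress records (assumed format: ts src_ip dst_host dst_port mail_from).
SAMPLE_EGRESS = """2022-05-21T09:14:02Z 10.0.4.17 smtp.office365.com 587 alice@corp.example
2022-05-21T09:15:41Z 10.0.4.23 smtp.ionos.es 587 info@theunitysoft.de
2022-05-21T09:16:10Z 10.0.4.23 smtp.ionos.es 25 info@theunitysoft.de
2022-05-21T09:17:55Z 10.0.4.31 smtp.ionos.es 587 bob@corp.example"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_agenttesla_smtp(raw: str) -> SmtpExfilConfig:
    """Rebuild key/value pairs from the report's wrapped text.

    Fields are separated by ' - ' in the report. Split only on a dash that is
    immediately followed by a 'Key:' token, so dashes inside values (hostnames
    such as mail-host.example, or passwords) are preserved.
    """
    flat = " ".join(line.strip() for line in raw.splitlines())
    fields: Dict[str, str] = {}
    for chunk in re.split(r"\s*-\s*(?=\w+:)", flat):
        key, _, value = chunk.partition(":")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
        password=fields["password"],
    )


def hunt(cfg: SmtpExfilConfig, log_text: str) -> List[Dict[str, object]]:
    """Flag egress records that match the exfil config.

    A host match alone is only medium confidence: the provider's relay is
    shared with legitimate customers. Host + port + the attacker's sender
    account together are treated as high confidence.
    """
    hits: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        ts, src, host, port, mail_from = line.split()
        if host.lower() != cfg.host:
            continue
        reasons = ["c2_host"]
        if int(port) == cfg.port:
            reasons.append("c2_port")
        if mail_from.lower() == cfg.username:
            reasons.append("exfil_account")
        hits.append({
            "ts": ts,
            "src": src,
            "confidence": "high" if len(reasons) == 3 else "medium",
            "reasons": reasons,
        })
    return hits


if __name__ == "__main__":
    config = parse_agenttesla_smtp(RAW_CONFIG)
    print(f"indicators: {config.host}:{config.port} sender={config.username}")
    for hit in hunt(config, SAMPLE_EGRESS):
        print(hit)
```

Matching on the sender account rather than only the relay host is what keeps the false-positive rate down: smtp.ionos.es is a commodity provider relay, but no internal host should ever authenticate to it as the attacker's mailbox.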
Targets
-
-
Target
INVOICE.EXE
-
Size
435KB
-
MD5
386167a90e854d8b46b239248d9dae44
-
SHA1
e9bfeed596a8fbe9ba69a96307230b74515a48d2
-
SHA256
5451fd912c3cd8d9b5db9326f2c413905d9f4749f499e1cd5a3488e84bdc4ade
-
SHA512
85b5c88a4c02a708e51880d8dc7faaf156352b8212b19bb3637e1d0254990e7e42d0132ebc749e628a616c161b306950ae603dbd807c0c6038343d9a18d3b7a6
-
AgentTesla
Agent Tesla is a remote access trojan (RAT) and information stealer written in .NET (Visual Basic).
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk and drive information is often read to detect sandbox environments.
-
Suspicious use of SetThreadContext
Rewriting another thread's context is characteristic of process hollowing or injection into a suspended process.
-