General

Target: 0ec65850335ec681a3eeff1a5aaa05485fa5997bbe3c669eb1bda9100bb3d67b
Size: 324KB
Sample: 220521-ppdnksfga8
MD5: 027154360c373f7f09bc0d4fe6605340
SHA1: d475a247ff458f0b25be868a53c1cae13f78d265
SHA256: 0ec65850335ec681a3eeff1a5aaa05485fa5997bbe3c669eb1bda9100bb3d67b
SHA512: 9204ff52d68786c2c9ebf964d2703d275c389d93d545a951518f3c2f50b91e7d4ea25cdb407dfbef343f269530643230d1338f1daa17adde65bfb807816b5256
Static task: static1

Behavioral task: behavioral1
Sample: invoice.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: invoice.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: info@theunitysoft.de
Password: 77*TeneFe!23*montana

These are the credentials of the attacker-controlled mailbox the stealer submits harvested data to, not a victim account. Use the host, port and username as network and mail-log indicators; blocking outbound SMTP to smtp.ionos.es from non-mail-client processes cuts off this sample's exfiltration path.
Targets

Target: invoice.exe
Size: 435KB
MD5: 1408f36656fc33e202b9c94a1a1e834f
SHA1: 419b16277e612d1367f954bb4674d91cfbf4fea8
SHA256: d5414c39cce4d671db2abfc5879a2a2e97a60313070d37c359b01b50f201aed2
SHA512: 2db1823d75dc6f7c8ee6efafd7c3c78a3668360d4fca935a9a5dbb3b056bf3d399c3714bc37ce2b108a903a24fed701deff68e3004f8c2f4cbf71c1a662c62d9
AgentTesla
Agent Tesla is a .NET remote access trojan (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers and mail clients and keylogs the user, then sends the take to an attacker-controlled sink; the extracted config shows this sample uses SMTP for that.

AgentTesla Payload

Drops file in Drivers directory

Accesses Microsoft Outlook profiles
Outlook profile settings in the registry include stored mail-account details, a standard credential-harvesting target for this family.

Adds Run key to start application
A value under the CurrentVersion\Run key relaunches the executable at every user logon; this is the sample's persistence mechanism.

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Suspicious use of SetThreadContext
SetThreadContext combined with writes into another process is the classic process-hollowing (RunPE) pattern, in which a suspended process's thread is redirected to injected code. Treat it as likely injection of the real payload rather than as an isolated anomaly.
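The report's behaviours translate directly into host-side detections. The following triage helper is an added example, not code from the sandbox or from the sample: it scans Sysmon-style events for the Run-key persistence, the write under the drivers directory and the SMTP exfiltration that the extracted config points at. The event lines and their key=value|key=value layout are constructed for the example; the SMTP host and port come from the extracted config above, and the mail-client allow-list is an assumption.

```python
"""Triage helper for the behaviours in this report (added example, not
Tria.ge or sample code). Event lines below are constructed; the layout is
'EventID=N|Image=...|Key=Value|...' rather than real Sysmon XML."""
import re
import ntpath
from dataclasses import dataclass, field

# Exfiltration sink taken from the extracted AgentTesla config on this page.
C2_SMTP_HOST = "smtp.ionos.es"
C2_SMTP_PORT = 587
SMTP_PORTS = {25, 465, 587}

# Processes expected to speak SMTP on a workstation (assumed allow-list).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.I)


@dataclass
class Event:
    event_id: int
    image: str
    fields: dict = field(default_factory=dict)


def parse_event(line: str) -> Event:
    """Parse one constructed 'EventID=3|Image=...|Key=Value' line."""
    fields = dict(part.split("=", 1) for part in line.split("|"))
    return Event(int(fields.pop("EventID")), fields.pop("Image"), fields)


def triage(lines):
    """Return (rule, image) pairs for events matching the report's behaviours."""
    hits = []
    for ev in map(parse_event, lines):
        # Sysmon 13 (registry value set) under a Run/RunOnce key:
        # the 'Adds Run key to start application' behaviour.
        if ev.event_id == 13 and RUN_KEY_RE.search(ev.fields.get("TargetObject", "")):
            hits.append(("run_key_persistence", ev.image))
        # Sysmon 11 (file create) under System32\drivers:
        # the 'Drops file in Drivers directory' behaviour.
        elif ev.event_id == 11 and DRIVERS_DIR_RE.search(ev.fields.get("TargetFilename", "")):
            hits.append(("drivers_dir_drop", ev.image))
        # Sysmon 3 (network connect): the configured exfil host, or SMTP
        # from anything that is not a known mail client.
        elif ev.event_id == 3:
            host = ev.fields.get("DestinationHostname", "").lower()
            port = int(ev.fields.get("DestinationPort", 0))
            # ntpath handles Windows paths even when this runs on Linux.
            is_mail_client = ntpath.basename(ev.image).lower() in MAIL_CLIENTS
            if host == C2_SMTP_HOST and port == C2_SMTP_PORT:
                hits.append(("agenttesla_smtp_c2", ev.image))
            elif port in SMTP_PORTS and not is_mail_client:
                hits.append(("smtp_from_non_mail_client", ev.image))
    return hits


# Constructed events: the sample, a benign Outlook SMTP session, and a
# benign service registry write that must not fire the Run-key rule.
EVENTS = [
    r"EventID=1|Image=C:\Users\bob\Downloads\invoice.exe|CommandLine=C:\Users\bob\Downloads\invoice.exe",
    r"EventID=13|Image=C:\Users\bob\Downloads\invoice.exe|TargetObject=HKU\S-1-5-21-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\invoice|Details=C:\Users\bob\AppData\Roaming\invoice.exe",
    r"EventID=11|Image=C:\Users\bob\Downloads\invoice.exe|TargetFilename=C:\Windows\System32\drivers\tmp.dat",
    r"EventID=3|Image=C:\Users\bob\Downloads\invoice.exe|DestinationHostname=smtp.ionos.es|DestinationPort=587",
    r"EventID=3|Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|DestinationHostname=smtp.office365.com|DestinationPort=587",
    r"EventID=13|Image=C:\Windows\System32\svchost.exe|TargetObject=HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start|Details=DWORD (0x00000003)",
]

if __name__ == "__main__":
    for rule, image in triage(EVENTS):
        print(f"{rule:28} {image}")
```

The SMTP rule is deliberately two-tiered: an exact match on the extracted host and port is a high-confidence hit for this sample, while SMTP from any non-mail-client process catches the next build with a different mailbox. Registry reads (the Outlook profile access and the drive mapping) are not covered because Sysmon only logs registry writes; those need an EDR with registry-read telemetry.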