General
Target: 0a6ca6bcc0fb1fd661777bffd8115e5b367f53734248333b95a9e56ad4d79bcc
Size: 324KB
Sample: 220521-pppqvaahgq
MD5: e30789dd94bfc59e604261dba37af90d
SHA1: f466f59ae0a1ce3bb97d82cb2e0ba1255313f0ae
SHA256: 0a6ca6bcc0fb1fd661777bffd8115e5b367f53734248333b95a9e56ad4d79bcc
SHA512: 28a6caeee9ce167717f57ac4802b6ff25014017babedcda9e6e24c6eaef4e8e2033b66f6542b002d217cd5c4ea746145323a102883780cfce2c8132186d8d93f
Static task: static1
Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Invoice.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.ionos.es
Port: 587
Username: info@theunitysoft.de
Password: 77*TeneFe!23*montana
Targets
Target: Invoice.exe
Size: 436KB
MD5: 0a4bc78d379bedfc32e4614ab3388a5e
SHA1: 1d3251d01a6d0ca0c2138bb20f3fbab4be0f4aa0
SHA256: 007a9b9e84d0340480feec469aed51d8428fda32c886068804fc6574f6d0df78
SHA512: aa86adc21b3b60162442d7a4453619bffaf5aa692c48d4364bd380852002aaa4e77032323e79c88cbe19366f4a51a7ee1950720e58220e755ff1474b77901a06
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext