General
Target: 3345a4c46fec18ca55f32a05404a2ffdafdb6de93b000a1881da387e17a50b42
Size: 384KB
Sample: 220521-px5f9sgbe8
MD5: 3b1746728917ea3e5ba991574726be00
SHA1: e554c8046d6cf6039e457bc4167571ce748be69a
SHA256: 3345a4c46fec18ca55f32a05404a2ffdafdb6de93b000a1881da387e17a50b42
SHA512: cc32209fd2cf8ed6e66c80f070ab1cc5f061f1dec32f4f44d336e9acccf64fe17390fbdda43577a5a93ce89feba7c14770f6785cc94a372fd4afbbdae07ca71e
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Invoice-.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment Invoice-.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.saamaygroup.com
Port: 587
Username: ashimdutta@saamaygroup.com
Password: pawan100
Targets
Target: Payment Invoice-.exe
Size: 417KB
MD5: 0657f318a479e4ef02b4eb081ae1f8a4
SHA1: dbb0026898b304f2b90347e9240a9a39514a4936
SHA256: be21fe83f9230cc17ae46dc93ef917972b39f41da97ee9dfcd75099fc1b2b65d
SHA512: 7fec8f109d68b7b3ad1f76b3aef53ff02b37258d028b0f4ecbb748821f9b128308fc6094cbb403e787bbc71219c4f03ce9d028bc6c793b362c3a2f42c2f59506
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext