General
Target: d9e6cec88ebff6f971f3029bdba2ea6709a93cea73cb0e14f59d6f0f96727ee4
Size: 496KB
Sample: 220521-xjgr2sfbcn
MD5: 2e7f4bdc20dfecd05e4770182ebe83ce
SHA1: 8a16b58665915003071f4680dde5f35fb51f3f5b
SHA256: d9e6cec88ebff6f971f3029bdba2ea6709a93cea73cb0e14f59d6f0f96727ee4
SHA512: 183f2176225fef73e370930c7416dee8a14d94edf7750b5d052c6801756521963974ca6874ba0425d30855f20b1242ec324043ad32daf5d36d96b5b22e02e61e
Static task: static1
Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Invoice.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.visgring.com
Port: 587
Username: px@visgring.com
Password: uqtQpAv1
Targets
Target: Invoice.exe
Size: 533KB
MD5: 676213812fcd942f150519418bad81f0
SHA1: 63c6513df8879238baef6869bd2c2c5324626337
SHA256: c8f62dda091a29ed35c26e212840d0c260c9f420f5a7940b2b1f088ad10a3c2d
SHA512: 945e542fc9dca0dc00f342749fd4662fadf68b2284b8955211771f8a4d2bf897e12ee10fe9435b57bdd757aa954a239ed0f42d5e787f827113e69f825262b730
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext