General

Target: Invoice.exe
Size: 790KB
Sample: 220923-g7rn6ahcfq
MD5: a190b2ff24d2c48c0a559e5721f0707b
SHA1: ca664df590e439bb7f257d0948c1ba8d95119cbb
SHA256: 21aeef1143995fb050b42f9a93e8852996815350fb21ed0b5e6e7a5dd880b482
SHA512: ce6f22152f7e5b83d9252962201136e4963612ab598e5f2b22b02adb35aa6485c235450f96f675d7ad1f178067f56f4f5745a23a65b14e11b5d436a0479f3469
SSDEEP: 12288:dBXCWFYHrpMc6xbmHwEi6ulLOGPq+bjQQzA9e:6dMLxCHriDZB1bjZzA
Static task: static1

Behavioral task: behavioral1
Sample: Invoice.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: Invoice.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Protocol: smtp
Host: mail.pisc.lk
Port: 587
Username: sales@pisc.lk
Password: PIsafeTY2021
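The extracted config gives two kinds of indicators a responder can act on immediately: the file hashes of the dropper and the SMTP account the stealer mails its loot through. The following script is an added example (not part of the sandbox report) that checks file content against the report's hashes and flags SMTP sessions to the exfiltration mailbox. The log records it scans are a constructed JSON-lines format made up for the demonstration, not Zeek, Suricata or any real capture; the hashes and SMTP values are copied from the report above.

```python
"""Match host and network artifacts against the indicators in this report.

Added example, not part of the sandbox report. The hashes and SMTP
configuration are copied from the report; the log records are constructed
for the demonstration and do not come from a real capture.
"""
import hashlib
import json

# Digests of Invoice.exe as listed in the report (lowercase hex).
SAMPLE_HASHES = {
    "md5": "a190b2ff24d2c48c0a559e5721f0707b",
    "sha1": "ca664df590e439bb7f257d0948c1ba8d95119cbb",
    "sha256": "21aeef1143995fb050b42f9a93e8852996815350fb21ed0b5e6e7a5dd880b482",
    "sha512": "ce6f22152f7e5b83d9252962201136e4963612ab598e5f2b22b02adb35aa6485"
              "c235450f96f675d7ad1f178067f56f4f5745a23a65b14e11b5d436a0479f3469",
}

# Exfiltration channel from the extracted AgentTesla config.
EXFIL_CONFIG = {"host": "mail.pisc.lk", "port": 587, "username": "sales@pisc.lk"}


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matching_hashes(data: bytes) -> list:
    """Names of the report's hashes that this file content matches.

    Any single match is a hit: a legitimate file will match none of them,
    and an attacker cannot make a different file collide on SHA256/SHA512.
    """
    computed = hash_file_bytes(data)
    return [algo for algo, h in SAMPLE_HASHES.items() if computed[algo] == h]


def exfil_match_reasons(record: dict) -> list:
    """Why an SMTP record looks like AgentTesla exfiltration, or [] if it doesn't.

    The host alone is treated as an indicator: the port in the config is the
    expected submission port, but any session to that host is worth a look.
    The AUTH user is matched separately because a record may be written
    before the AUTH exchange has been observed (no 'auth_user' field yet).
    """
    reasons = []
    if record.get("dest_host") == EXFIL_CONFIG["host"]:
        reasons.append("host")
        if int(record.get("dest_port", 0)) == EXFIL_CONFIG["port"]:
            reasons.append("port")
    if record.get("auth_user") == EXFIL_CONFIG["username"]:
        reasons.append("auth_user")
    return reasons


def flag_exfil_sessions(log_lines: list) -> list:
    """Parse constructed JSON-lines records and return the flagged ones."""
    hits = []
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        reasons = exfil_match_reasons(rec)
        if reasons:
            hits.append({"record": rec, "reasons": reasons})
    return hits


# Constructed SMTP session records for the demonstration (not real traffic).
SAMPLE_LOG = """
{"ts": "2022-09-23T06:40:01Z", "src": "10.0.0.15", "dest_host": "smtp.office365.com", "dest_port": 587, "auth_user": "jdoe@example.test"}
{"ts": "2022-09-23T06:41:12Z", "src": "10.0.0.15", "dest_host": "mail.pisc.lk", "dest_port": 587, "auth_user": "sales@pisc.lk"}
{"ts": "2022-09-23T06:41:30Z", "src": "10.0.0.22", "dest_host": "mail.pisc.lk", "dest_port": 587}
{"ts": "2022-09-23T06:45:00Z", "src": "10.0.0.31", "dest_host": "mail.pisc.lk", "dest_port": 25}
{"ts": "2022-09-23T06:50:00Z", "src": "10.0.0.40", "dest_host": "smtp.gmail.com", "dest_port": 587, "auth_user": "alice@example.test"}
""".strip().splitlines()


if __name__ == "__main__":
    # A constructed byte string stands in for a file under investigation.
    print("hash matches:", matching_hashes(b"not the sample"))
    for hit in flag_exfil_sessions(SAMPLE_LOG):
        print(hit["record"]["src"], "->", hit["record"]["dest_host"], hit["reasons"])
```

On a real host the `data` argument would be the bytes of the suspect file; in a SIEM the record fields would be mapped from whatever your SMTP logging source emits. Matching on the destination host regardless of port catches the third constructed record (port 25), which a port-and-host rule would miss.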
Targets

Target: Invoice.exe
Size: 790KB
MD5, SHA1, SHA256, SHA512, SSDEEP: as listed under General above
AgentTesla
Agent Tesla is a .NET (Visual Basic) information stealer and remote access tool (RAT). The extracted config above shows its SMTP exfiltration mode: harvested data is mailed out through the sales@pisc.lk account rather than sent to a dedicated C2 server.

Signatures
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles (consistent with harvesting stored mail-client credentials)
- Suspicious use of SetThreadContext (an API commonly seen when a payload is injected into a suspended process)