General
- Target: INVOICES.zip
- Size: 503KB
- Sample: 220930-rvpn5sdgg8
- MD5: e9f8641fa3d090645bf2d0860c07d0fc
- SHA1: 043bfa0c594ca4f392ac97b20f77f296e94cc2b4
- SHA256: dd3f8246d9f6dd42424228de4e2de92a3f898ea8ada782e9bc2cc56431a0aaf0
- SHA512: fb80dd387939057d3c31b3b268d4ffdaddf7c7a7d9fe79f543d43eef4ec26b3989d2dacac38088c95cf24fd3228d5ff7abb8ed865bf5eaaf1939dd8106dbb627
- SSDEEP: 12288:pSKTNzJJIpg0giWDvo/N89ww4jXNGLNjb9qTAloemITg:JzJJIpg0g4A4bNyjb4T0oeLE
Static task: static1
Behavioral task: behavioral1
- Sample: INVOICES.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: INVOICES.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.tricomcomputacion.com
- Port: 587
- Username: [email protected]
- Password: DANIEL291168
Extracted: agenttesla
- Protocol: smtp
- Host: mail.tricomcomputacion.com
- Port: 587
- Username: [email protected]
- Password: DANIEL291168
- Email To: [email protected]
Targets
- Target: INVOICES.exe
- Size: 756KB
- MD5: 0193ef3bac4ab536d4fcf3a5d28503e5
- SHA1: 9b75a52bce80ff055e721a02c1106a004839242e
- SHA256: 26d4e05dd38fed28004f00893d17bcac28d0aa9dcabd43f7c0bd2590e145e1ad
- SHA512: 486988f0a505c42cb309e6421d5571cfd1319d6aba5f6af3b12c9c6a76b87c9bf781f15be18280b255b39a845be15a4a96ea944d951b425461523e97c42c4e5e
- SSDEEP: 12288:ux2p+aSiI7vY/3u9wg4jXrGpLjmADqjJ5nF0+9MK:Np+aSoE4brejIjr5e
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext