General
Target: INVOICE.zip
Size: 542KB
Sample: 221002-npe1zadce5
MD5: 962a05ea3c4e9f39498bba4f19721bd5
SHA1: 9385b55666422837179837b29503ccfd6d26455d
SHA256: 70958dc6350eb915075f117736f0da1972eed1b84d8ead53b21681736cd8a595
SHA512: d295274ed1799d8e9e4a1dc8020e77bbfd512d5d7c6ae85e66ec98be722daf154278a34557c0e4dd5e2fc6e9792a589af74b32bdf686100a5e4123f46321feb8
SSDEEP: 12288:iFMYbcEF1Owk8+CNZrBsmq3JbpO7UfTq/wkZu7g/xyakM5nL:zYbcg3iCzC3vO7UbStu7s4akmL

Static task
static1

Behavioral task
behavioral1
Sample: INVOICE.exe
Resource: win7-20220901-en

Behavioral task
behavioral2
Sample: INVOICE.exe
Resource: win10v2004-20220812-en

Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5357159221:AAEuOoQ0pUc4ccIZou0EJ5Zin0mMneE2jYg/

Targets
Target: INVOICE.exe
Size: 796KB
MD5: 201b7a345545cb2cc3342793c126aa41
SHA1: 4d1843c7a4a13758a904df9d0d094d10ee926c2e
SHA256: 93323042c6db7f7e6a25b786f78e6be3c57f6d2b7d4d18394497f366bd5c2785
SHA512: 7e1f1f14ad52955d5bfe63be3707bfe25a1edd75b4a9f8944333a02edb4aa62d3e04d1d810961c70d027aab1d92da8c4e4b95b853b3502f6ea11bf43855fa7d4
SSDEEP: 12288:6xII2iN/a+gNXrfomo7VZpOvU9JqJwYFuEADqjJ5n3:e1bgVq7xOvU7CjuOjr3
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext