General
- Target: INVOICE SHIPPING-PACKING LIST.exe
- Size: 492KB
- Sample: 221128-kl1lqaef91
- MD5: 6f793265d64232cda59fc43f2f7b120d
- SHA1: 7a5aebb953f37e9b2f4f7ba0c9c19c945a7d808b
- SHA256: 523827d0143781d5e1124ddcc75eaed873f190f255497217ef2f61a5714fedb8
- SHA512: bbbacbc4695e7088564cf85974b3ddf5aa6e3bdbc3fea8f8538ec4fa79c8e8ffeb62b3e3b59831da8aefb3be9b9e8c71d8d4b1b33ad7fae307e3356612b7e24f
- SSDEEP: 12288:6XT5OxeW3QRu0ApGptvXqXuRfaFhgOo7zcyv:6XdOxeYGu0ApGpB+OvD
Static task
- static1
Behavioral task
- behavioral1
  - Sample: INVOICE SHIPPING-PACKING LIST.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: INVOICE SHIPPING-PACKING LIST.exe
  - Resource: win10v2004-20221111-en
Malware Config
Extracted
- Family: agenttesla
- C2: https://api.telegram.org/bot5515611206:AAEcQSX8hXHOAxSYr8KUdLxGF5eqw4FRXoA/
Targets
- Target: INVOICE SHIPPING-PACKING LIST.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext