General
Target: INV and NOA.zip
Size: 554KB
Sample: 221129-qmsv6acf99
MD5: 399bcd9907d175a2dbb89d342889e4a0
SHA1: 54fb8123ba427afeeb60630bddbc93ae4894f208
SHA256: 32bd5e6ae241a016f718e4ae16a189b40d3eb72c497eedd03a44299e5654644a
SHA512: 35555efff3b013f46052954058f86e5cede52990b07ecedc594df14c8bcdd1113c947f48085f44b006555c4e59c02d51684b5e13205156ca45b505efca98b71e
SSDEEP: 12288:D3zi+iJJc+XiOXrq7gRCIi97ZagoxSuhnlYaAEtCucH8r0Yv9Oledq:DBinc+XiOXrqwkcLH9AACucHkqleY
Static task: static1
Behavioral task: behavioral1
Sample: INV and NOA.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: INV and NOA.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.southernboilers.org
Port: 587
Username: info@southernboilers.org
Password: Sksmoke2018#
Email To: obtxxxtf@gmail.com
Targets
Target: INV and NOA.exe
Size: 668KB
MD5: 9efabcfe6bfbfa5dda90ad4dc5894040
SHA1: 07c7cdac9aa0658d374331c4b35a9d0190eadbee
SHA256: 05472a071f902b974d4ce0d2e605058580f86ab1ad7b6c201c6f9b38608c9b4d
SHA512: bae5eb2fb1dcb683ccab5b4c5f6857ffe300b1719378050e5aab1f97e0c748dbbb5abe91b32cbe8aea3615069f0903a376310ad68ad4ad60d80f1933100e0855
SSDEEP: 12288:wFkzrbETClCHskFgFwIyXCDP0SLZigmxSuhnlYiAEt+Ccf8r2Yt93cr:Z76CIskFgqIyXyLOLHbAA+Ccfkg
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext