General
Target: PROFORMA FATURA.exe
Size: 941KB
Sample: 231212-lqgj3sccf9
MD5: 01e2e0d04940c5d278b66b42345fb63e
SHA1: 3118e9bcf070af6463dc179a3600470916ccffb2
SHA256: 621998b51ba77181795bd5bef94d625b69480b794e0bea36ec84beb435d67e00
SHA512: edef5986aa9c7861de2afc769cd4c51689ce1b7f971088f3a636613fe298fdc447b6a208a8bdaae9c9728f91b63e3501142c905bfec45bdf35775c2c13e79861
SSDEEP: 12288:BU+t+4WpAEoy7lOay4wDYFd9TB/tDB7dWRja1Nf2Z0FFPMdVm566kCqe4Hb:cpAEIT4V91/FUjkV2Z0F0QY77
Static task: static1
Behavioral task: behavioral1
Sample: PROFORMA FATURA.exe
Resource: win7-20231020-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1183507859548409966/DLogPQ-F1DDyhyB8jQQaZyMMcOMnZXZGJcy3aRzF-4v3ffTI5rw5BJsXH-q9dmg6WDRG
Targets
Target: PROFORMA FATURA.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Detect ZGRat V1
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext