General
-
Target
INVOICE_.EXE
-
Size
248KB
-
Sample
231212-m54htsddb7
-
MD5
d1e6e01d8c2621072feaf1ac125e7d8f
-
SHA1
b37aa7269775413d7de0e52a102b91502ec75c0d
-
SHA256
d84fbf42018329d0bf2f0045e15aa3b5c4c102e09b6853b3041944ea9f0b1a25
-
SHA512
6399d554fb566e0928a753cda545569a6681a50d0ccc728029879a9873c4ea141967863de9fcf7d39adb9ed92d6f58fb9f243d181f1b8d329c3362028e4955a0
-
SSDEEP
6144:WynXAf95NVvmYqY4ONgcfzORSc2RRhvHI:7Cqjcfy2RRhvHI
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE_.exe
Resource
win7-20231201-en
Behavioral task
behavioral2
Sample
INVOICE_.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.merlinmotorworks.com - Port:
587 - Username:
[email protected] - Password:
Merlin1080S
Extracted
agenttesla
Protocol: smtp- Host:
mail.merlinmotorworks.com - Port:
587 - Username:
[email protected] - Password:
Merlin1080S - Email To:
[email protected]
Targets
-
-
Target
INVOICE_.EXE
-
Size
248KB
-
MD5
d1e6e01d8c2621072feaf1ac125e7d8f
-
SHA1
b37aa7269775413d7de0e52a102b91502ec75c0d
-
SHA256
d84fbf42018329d0bf2f0045e15aa3b5c4c102e09b6853b3041944ea9f0b1a25
-
SHA512
6399d554fb566e0928a753cda545569a6681a50d0ccc728029879a9873c4ea141967863de9fcf7d39adb9ed92d6f58fb9f243d181f1b8d329c3362028e4955a0
-
SSDEEP
6144:WynXAf95NVvmYqY4ONgcfzORSc2RRhvHI:7Cqjcfy2RRhvHI
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-