General
Target: INVOICE.zip
Size: 630KB
Sample: 240326-v9en9sag7t
MD5: 4f4b27d0367d76b89f099cabc16262c0
SHA1: 0f7f5eaba0f52f9d367bca0925d471cda45a57a6
SHA256: 7558e973bff2426aca4278e62668478f8afc5fb5afcc5e0f77bbdbd733b84ac8
SHA512: 0b838d16f72053fff40aaacf49d74598c052050f2cd351ad0fa189a010dcb9654940d9495b8b49fe3521b3c2ab85cc9e10115d483885a9df96dbc49549159dbf
SSDEEP: 12288:MePj0L/PNKPVjGkeDx8ysZlkH+pKQzPltb26upXMPj1pfS0gByKTOmOklsH1hQuY:MjWVjGnDxbiliMKYPr+pXiJpfS0gByQj
Static task: static1
Behavioral task: behavioral1 (Sample: INVOICE.exe, Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: INVOICE.exe, Resource: win10v2004-20240226-en)
Malware Config
Extracted
Protocol: smtp
Host: mail.ipr-co.org
Port: 587
Username: [email protected]
Password: IPRco@100102@
Extracted (agenttesla)
Protocol: smtp
Host: mail.ipr-co.org
Port: 587
Username: [email protected]
Password: IPRco@100102@
Email To: [email protected]
Targets
Target: INVOICE.exe
Size: 676KB
MD5: 458d13e193d1def40ff8862d04ee3839
SHA1: 2441106df18080573cd0691f86c254e4e0a6193e
SHA256: ddc5d1c80b07a16ba4a2d8d289dcfccaa1c2f25a525d96f223be8c8eedf9e9e6
SHA512: c72ace9e6a680f087715a1727cf89e4dc5e490b697d238681662a3f0bb0df0a0184ab92c469b6aaa6fb29ba8871eb69620fa98cb3c27cddfb76b20f8a56df0c1
SSDEEP: 12288:57jia5WBDPVjYEeDxwq0BbIH+pKgzRltb2WupXMPj1pFSKgBqKTcmYkV+/1PLfWN:BGB7VjYHDxl8b+MKoRrKpXiJpFSKgBqi
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext