General
-
Target
Proforma Invoice.exe
-
Size
882KB
-
Sample
240522-y1j46sfb29
-
MD5
4376d88829445fb4012817d5efc84682
-
SHA1
d7bce9caea90a8b40f1444036b91312510de3028
-
SHA256
502e4ba0751c2051b1be12064c0bb0698b504d1c9d68174de1dc9b234e096cc6
-
SHA512
af77f043fd82a100c4641a4f920898d0829958ff6369b9aa852927f97191c334f0b5e48bf0254764b96cbc6adac16c153f6141a79f37576275adb7f8b8f11f04
-
SSDEEP
12288:cQ/emKia+CSUCq8l/xB6vKfR4TqGPXwJ8cW8sWomBO+Hq77ZnkqY2u:chmRa+C38pxupgJTomBO+aBkqYj
Static task
static1
Behavioral task
behavioral1
Sample
Proforma Invoice.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Proforma Invoice.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
UTjMgxC7qqqqG5651@@ - Email To:
[email protected]
Targets
-
-
Target
Proforma Invoice.exe
-
Size
882KB
-
MD5
4376d88829445fb4012817d5efc84682
-
SHA1
d7bce9caea90a8b40f1444036b91312510de3028
-
SHA256
502e4ba0751c2051b1be12064c0bb0698b504d1c9d68174de1dc9b234e096cc6
-
SHA512
af77f043fd82a100c4641a4f920898d0829958ff6369b9aa852927f97191c334f0b5e48bf0254764b96cbc6adac16c153f6141a79f37576275adb7f8b8f11f04
-
SSDEEP
12288:cQ/emKia+CSUCq8l/xB6vKfR4TqGPXwJ8cW8sWomBO+Hq77ZnkqY2u:chmRa+C38pxupgJTomBO+aBkqYj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-