General
-
Target
23052024_1328_22052024_Proforma Invoice.zip
-
Size
628KB
-
Sample
240523-qq36asch7y
-
MD5
a5c2748d3e3a1684fbf01bfbbd30a506
-
SHA1
64c5deb6be6bd9149aae8f56a1483268456bd09a
-
SHA256
32e57c1e9bac5b3d82f1f2163e29c0f84a2f441b2c67c0cd30c4ed4b0499c79d
-
SHA512
6503eb59e9944281953917623a33b7c8e661511fd6966859fb4b389dd51fadebb5f925afc4e22328c258a00cb1d2b66fa8a222c3db6dfb7850f6d5b3df3acc59
-
SSDEEP
12288:10Xsga5dQxemKQS+WSUCy8R/HZaJKf3TqGFj2pacW8aWEmBOq5qPpZVmAylZ:WLgdTmJS+WF89HWkcpnEmBOq6Dm5lZ
Static task
static1
Behavioral task
behavioral1
Sample
Proforma Invoice.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Proforma Invoice.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
UTjMgxC7qqqqG5651@@ - Email To:
[email protected]
Targets
-
-
Target
Proforma Invoice.exe
-
Size
882KB
-
MD5
4376d88829445fb4012817d5efc84682
-
SHA1
d7bce9caea90a8b40f1444036b91312510de3028
-
SHA256
502e4ba0751c2051b1be12064c0bb0698b504d1c9d68174de1dc9b234e096cc6
-
SHA512
af77f043fd82a100c4641a4f920898d0829958ff6369b9aa852927f97191c334f0b5e48bf0254764b96cbc6adac16c153f6141a79f37576275adb7f8b8f11f04
-
SSDEEP
12288:cQ/emKia+CSUCq8l/xB6vKfR4TqGPXwJ8cW8sWomBO+Hq77ZnkqY2u:chmRa+C38pxupgJTomBO+aBkqYj
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-