General
Target: Revised invoice.exe
Size: 1.1MB
Sample: 240609-jqzdsage97
MD5: bbf053237d91844a971521dab438f529
SHA1: 6d281685b802068a7f43e4950a5dbf1f5ef0cdf5
SHA256: 0fd8da5d6fb04b52cfbc2074c9d5382a7b10ab501913b61e31408a2aa16a02e0
SHA512: 43f6602b4d33faf1516d4eeb5b467b99557e636d55a121ca9672d0bb4af4e7677008d98b88f28e09a66c527792c7d991f982fd0a540ea6192a7387f963167468
SSDEEP: 24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaAXzHwSbNI3/xToFPs5:Uh+ZkldoPK8YaAjlbN+/U6
Static task: static1
Behavioral task: behavioral1
  Sample: Revised invoice.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Revised invoice.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: Revised invoice.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Adds Run key to start application
Suspicious use of SetThreadContext