General
Target: Revised invoice.zip
Size: 754KB
Sample: 240609-mlhr1shd6x
MD5: e76295d21dbdb248afd4afedb2b1aa69
SHA1: 42532c1b77dd7f0f2daf306bbac57e9c45aa942d
SHA256: df1de76f61b86cf8ce64723b3a0b1656de115890e5080acd113d8a0a3e177c57
SHA512: 3dda25cc3ddb2c45a2bfe35696071ecab74484050b8eb5eb4f7af8b09c40ae50cf15ce64fd1befaebaf1de2c8cdb6006875a5f49199e2b8c239cde4bea147fc6
SSDEEP: 12288:+cnMD/K0FQwcbU5ZDv/Zd6kEpliRalbgrzG4zv5qS0b0O+hndInSFCn1Bxv6pB7m:+c70FQfQr7/6kml4alszNzxE8hdIntPJ
Static task: static1

Behavioral task: behavioral1
Sample: Revised invoice.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: Revised invoice.exe
Resource: win10v2004-20240426-en
Malware Config

Targets
Target: Revised invoice.exe
Size: 1.1MB
MD5: bbf053237d91844a971521dab438f529
SHA1: 6d281685b802068a7f43e4950a5dbf1f5ef0cdf5
SHA256: 0fd8da5d6fb04b52cfbc2074c9d5382a7b10ab501913b61e31408a2aa16a02e0
SHA512: 43f6602b4d33faf1516d4eeb5b467b99557e636d55a121ca9672d0bb4af4e7677008d98b88f28e09a66c527792c7d991f982fd0a540ea6192a7387f963167468
SSDEEP: 24576:lAHnh+eWsN3skA4RV1Hom2KXMmHaAXzHwSbNI3/xToFPs5:Uh+ZkldoPK8YaAjlbN+/U6

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Adds Run key to start application
Suspicious use of SetThreadContext