General
- Target: INV.exe
- Size: 629KB
- Sample: 240611-w52hxawgrg
- MD5: 7c37ca93ea31895ae8c37b5086aafb5f
- SHA1: 36ec354b8f559c44ac1a45d9bbe56ee8dbf883db
- SHA256: edd8ae87a81a2627e70d3df6bbe1a7185c8045bc4ef9624c5f2b8487d86dbd73
- SHA512: 852e0315d1930b9dcb85c7d649c2e0524eaee1ed287d21be6dbb37a27151e200236237b9d9490bc3453bf01ac2baf1e695c83e88484fd5a426482772d52fe864
- SSDEEP: 12288:mgS5y5R7+SyRps33QjMEVyhxLBDulZ7+OibPNL5lNXKVLbziXMOvrxdRnh457ks3:65yH73QbyLlDu3C/lNXKL3i9v3Idke
Static task
- static1

Behavioral task
- behavioral1
- Sample: INV.exe
- Resource: win7-20240221-en
Malware Config

Extracted
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: vjru ncjq zilj zxwk

Extracted (agenttesla)
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: vjru ncjq zilj zxwk
- Email To: [email protected]
Targets
- Target: INV.exe
- Size: 629KB
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext