General
-
Target
INVOICE PAYMENT_Scan0016.scr.exe
-
Size
546KB
-
Sample
240618-qxcxpazeml
-
MD5
ca6a93a429257f7203112e5311ca5b01
-
SHA1
6ab678c5318042c710d59b7e4b1623c20759f8b7
-
SHA256
0ec17a88232be3356c93b0b0eae5acf6a53332fe13e6881d627bea4f2963e6d6
-
SHA512
4d04c05cdcb96f1f465f355c12418de016b12ec2bffd74b086712b75e0777388ebc2183e16c545d73ac42e38a085a18209c37653bfd41b3fbededfcb42ed7dfd
-
SSDEEP
3072:r6Fvnr8xWdvz6m6yQIIDOkbBybvN7jO++qTh3kSkPAxS5oRN:runr11zT2IIDR9ybvdqYgoR
Static task
static1
Behavioral task
behavioral1
Sample
INVOICE PAYMENT_Scan0016.scr.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
INVOICE PAYMENT_Scan0016.scr.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: investms.vadavo.cloud
Port: 587
Username: [email protected]
Password: KA7@K55@THREA@@!!
Email To: [email protected]
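The extracted SMTP configuration above is the most actionable part of this report: the C2 mail host, submission port and mailbox credentials are what the stealer needs to exfiltrate, so they can be turned straight into indicators and a detection. What follows is an added example, not part of the Tria.ge report and not the malware's own code. Only the config values come from the report; the internal IP addresses, the host names other than the C2, the log records and the mail-relay allowlist are constructed assumptions.

```python
"""Turn the AgentTesla SMTP exfiltration config extracted above into IOCs and
run them over a few constructed network-log records.

Added example for this page, not Tria.ge's or the malware's own code.  Only
the config values come from the report; the log records, internal IPs, host
names other than the C2 and the mail-relay allowlist are assumptions."""
import re

# Copied from the "Malware Config" block above.  The page redacts both e-mail
# addresses, so they are kept as the literal placeholder text.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: investms.vadavo.cloud
Port: 587
Username: [email protected]
Password: KA7@K55@THREA@@!!
Email To: [email protected]
"""

# Assumption: the organisation's legitimate outbound mail relays.  Anything
# else speaking SMTP directly to the internet deserves a look.
ALLOWED_MAIL_RELAYS = frozenset({"10.0.0.25"})

SMTP_PORTS = {25, 465, 587}


def parse_config(text):
    """Parse the 'Key: value' lines of the extracted config into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower().replace(" ", "_")] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def to_iocs(cfg):
    """Emit (type, value) indicators suitable for a blocklist or SIEM lookup."""
    iocs = [("domain", cfg["host"].lower()), ("smtp_port", str(cfg["port"]))]
    # The domain of the exfil mailbox is a usable indicator on its own, but
    # only when the address is actually present; on this page it is redacted,
    # so the regex does not match and no bogus indicator is emitted.
    m = re.search(r"@([\w.-]+\.[a-z]{2,})$", cfg["username"], re.I)
    if m:
        iocs.append(("mail_domain", m.group(1).lower()))
    return iocs


# Constructed records in a flattened Zeek conn.log style with the destination
# host name already resolved (assumption: the pipeline joins dns.log).  None
# of these addresses comes from the report.
SAMPLE_RECORDS = [
    {"src": "10.0.0.15", "dst_host": "investms.vadavo.cloud", "dst_port": 587},  # the C2
    {"src": "10.0.0.25", "dst_host": "smtp.office365.com", "dst_port": 587},     # real relay
    {"src": "10.0.0.31", "dst_host": "mail.example.net", "dst_port": 25},        # unknown SMTP
    {"src": "10.0.0.15", "dst_host": "www.example.org", "dst_port": 443},        # benign HTTPS
]


def detect(records, cfg, allowed_relays=ALLOWED_MAIL_RELAYS):
    """Return (src, dst_host, reasons) for records that match the extracted
    config or show the generic behaviour: direct SMTP from a non-relay host."""
    hits = []
    for r in records:
        reasons = []
        if r["dst_host"].lower() == cfg["host"].lower() and r["dst_port"] == cfg["port"]:
            reasons.append("matches extracted AgentTesla SMTP C2")
        if r["dst_port"] in SMTP_PORTS and r["src"] not in allowed_relays:
            reasons.append("direct outbound SMTP from non-relay host")
        if reasons:
            hits.append((r["src"], r["dst_host"], reasons))
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for ioc in to_iocs(cfg):
        print("IOC", *ioc)
    for src, dst, why in detect(SAMPLE_RECORDS, cfg):
        print(f"ALERT {src} -> {dst}: {'; '.join(why)}")
```

The second rule in `detect` is the one that keeps paying off after the operator rotates the mailbox: workstations have no business submitting mail to arbitrary internet hosts on 25, 465 or 587, so the behaviour is a cleaner signal than the host name. Note that with STARTTLS on 587 the AUTH exchange and message body are encrypted, so the credentials from the config are useful for takedown requests and password-reuse checks, not for content inspection on the wire.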
Targets
-
Target
INVOICE PAYMENT_Scan0016.scr.exe (size and hashes identical to the General section above)
Score 10/10
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), written in Visual Basic .NET, that exfiltrates harvested credentials and keystrokes over SMTP, FTP or HTTP. The configuration extracted from this sample uses SMTP submission on port 587 to investms.vadavo.cloud.
-
Looks up external IP address via web service
Queries a legitimate public IP-lookup web service to learn the infected system's external IP address, which the stealer reports to its operator alongside the harvested data. Outbound requests to such services from hosts that have no reason to make them are a useful secondary indicator.
-
Suspicious use of SetThreadContext
SetThreadContext is rarely called by ordinary applications. Together with a child process created suspended and written to with WriteProcessMemory, it is the classic process-hollowing sequence, so check whether the sample spawns a suspended copy of itself or of a .NET framework utility and resumes it after the write.
-