General
Target: 25062024_0815_24062024_Proforma Invoice - 490235.img
Size: 1.2MB
Sample: 240625-j5wlfa1gnm
MD5: 4ca7d14dbd97d6c17416eb1617fd9eb6
SHA1: 3892dbdecfa030fb6dc18da0010fb042946403d6
SHA256: 4c1e5a6a0efd3bce4568f79f6894dbbe85cd37db499882989deefe69cccf08ff
SHA512: a2728e3a4bfb38db894205c94ea558b1f9deaf36533a5df10569a7049fe948184367e2ac2c578e1c45ab9017cb77776f06b1eed4bbbeb1bbdfbce15713f9e4cb
SSDEEP: 6144:Um6jEb2V51LUVL6R9mCdy1wUZGUwCu5C+YlKygc+yj:KEW3LkL2a1LUFlyKi
Static task: static1
Behavioral task: behavioral1
Sample: Proforma Invoice - 490235.cmd
Resource: win7-20240220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.merlinmotorworks.com
Port: 587
Username: [email protected]
Password: Merlin1080S
Email To: [email protected]
Targets
Target: Proforma Invoice - 490235.cmd
Size: 224KB
MD5: 52c11a6984ecbb6d95da898ce7166ae3
SHA1: ca482e32af072f39b104cf8106cd962d494adc2a
SHA256: d7d529d5e29131e1df6c41d725a6731b0d989f46089afa1beb340170efdbe47a
SHA512: e80c985036b9362b23d58a2c3a73a455cde05ca87ec07b00e9e0dfeb8411fb4cf9337730cd5e67c7adcac0ee9d82ae2e63264ec00ba6bc3c8ac15ec611fa5b79
SSDEEP: 6144:w6jEb2V51LUVL6R9mCdy1wUZGUwCu5C+YlKygc+yjp:7EW3LkL2a1LUFlyKip
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-