General
- Target: Invoice 20235006.rar
- Size: 1.1MB
- Sample: 240917-mcwyaaxfme
- MD5: 31cfbb074960692c0ab2b8ff1c545bfd
- SHA1: 981a2eba16006aae66d45446e10a62e4ad2bb516
- SHA256: 74092bdbd76ed5163f5c37a6602014a0f7f8c3142cd59be8f0d3e1446d4c670a
- SHA512: b89c2c62da85b3f96e9034f88522e0c7b8870796dd08faba2ced7cda0239e7ab830e9c4f643d1ad3d452333711f86ae4ede885b521ba447df215fa06b3759988
- SSDEEP: 24576:hl2cRq6ot3/0BW1C5kY8dMzvhH0anJle9svR3vtfTuTph4wR2XbW7lVJp:vf838kY8dMzvl9+Y/pu9h4ZYlVJp
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Invoice 20235006.exe
  - Resource: win7-20240729-en
Behavioral task
- behavioral2
  - Sample: Invoice 20235006.exe
  - Resource: win10v2004-20240802-en
Malware Config
Targets
- Target: Invoice 20235006.exe
- Size: 1.6MB
- MD5: e0fd11ccfbe16ce5eebb8c75cbc2c8f1
- SHA1: 2f75d40a35405a1ca13b483082d109d9c1346260
- SHA256: 7099c54e39d4acbdd91ee4c47ed3d3f8e3d2913959b23e7a56e3435500fcc9c2
- SHA512: 57f6cc6a9e17c2db9b2896a0e377212f115904853c15a86f154f0d4112da2feb61706223e03e1f69eb008a6f9e9d02e7aad2b42eafeb7b3cd59cec4b1b9e93af
- SSDEEP: 49152:7TvC/MTQYxsWR7aoN+8nY0Y8Yljab5rpw:vjTQYxsWRvnY0Y8ke5
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext