General
Target: INVOICE-ECNOG-0987765546799008780975433.scr.rar
Size: 496KB
Sample: 210927-vgvvsahefk
MD5: 18fe7f36e161b5233a1e5174871d5097
SHA1: 37e524ad7d3ffcc28aa52402c3a740372ff7f5b6
SHA256: c3e8fb1601a8797e7839652a7686a6476a6751373ecaa49f94e6c01085e7b3c1
SHA512: f16647094106d61ea1f354213a9e07806efde897d7358062cdbf006b9b8c31e20b17435d7f60a63c7e6e37079651817d86c0ba00a7288490cd2f58aeeb8399fa
Static task: static1
Behavioral task: behavioral1
Sample: INVOICE-ECNOG-0987765546799008780975433.scr.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: INVOICE-ECNOG-0987765546799008780975433.scr.exe
Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.a2zfacilityservices.in
Port: 587
Username: office@a2zfacilityservices.in
Password: ?(K8n&m,}#va
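The indicators in this report (the two SHA256 values, the SMTP host, port and username from the extracted config, and the double-extension lure filename) are enough to write triage checks for a host or egress log review. The block below is an added example written for this page, not output of the sandbox: the hashes and exfiltration endpoint are copied from the report, while the firewall-style log lines, the dst_host/dport/smtp_user field names, and the function names are constructed assumptions. The config password is deliberately left out; it is not needed to detect the traffic.

```python
"""Triage checks built from the AgentTesla report indicators (added example)."""
import hashlib
import re
from dataclasses import dataclass

# SHA256 values reported for the archive and the unpacked .scr.exe payload.
KNOWN_SHA256 = {
    "c3e8fb1601a8797e7839652a7686a6476a6751373ecaa49f94e6c01085e7b3c1",  # .scr.rar
    "786a9b90ee6541476ce7b9ffed8a4d22438b7cfc72ec33ddad9a3cf2cb2f8613",  # .scr.exe
}

# Exfiltration endpoint from the extracted config (password omitted on purpose).
EXFIL_HOST = "mail.a2zfacilityservices.in"
EXFIL_PORT = 587
EXFIL_USER = "office@a2zfacilityservices.in"

# Extensions that run as code when a user double-clicks them on Windows.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs", "js"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def is_known_sample(data: bytes) -> bool:
    """True when the bytes hash to one of the report's SHA256 values."""
    return sha256_hex(data) in KNOWN_SHA256


def is_lure_filename(name: str) -> bool:
    """Flag double-extension lures such as INVOICE-...scr.rar or photo.jpg.exe.

    Heuristic (assumed, not from the report): a name with two or more
    extensions where any of them is executable. A plain setup.exe is not
    flagged; a stem containing dots (v1.2.exe) will be, which is acceptable
    for a triage filter.
    """
    parts = name.lower().split(".")
    return len(parts) >= 3 and any(p in EXECUTABLE_EXTS for p in parts[1:])


@dataclass
class Hit:
    line_no: int
    src: str
    reason: str


# Constructed key=value egress-log format; adjust the field names to your source.
LOG_KV = re.compile(r"(\w+)=(\S+)")


def scan_egress_log(lines):
    """Return a Hit for every line that touches the configured exfil endpoint.

    Matches on the destination host (any port), the submission port 587
    combined with that host, and SMTP AUTH with the configured mailbox even
    when the mail server is reached under a different hostname.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        f = dict(LOG_KV.findall(line))
        reasons = []
        if f.get("dst_host") == EXFIL_HOST:
            reasons.append("connection to AgentTesla exfil host")
            if f.get("dport") == str(EXFIL_PORT):
                reasons.append("on the configured submission port 587")
        if f.get("smtp_user") == EXFIL_USER:
            reasons.append("SMTP AUTH as the mailbox from the extracted config")
        if reasons:
            hits.append(Hit(n, f.get("src", "?"), "; ".join(reasons)))
    return hits


# Constructed sample lines; these are not from the sandbox run.
SAMPLE_LOG = [
    "ts=2021-09-27T10:01:03Z src=10.0.0.15 dst_host=update.microsoft.com dport=443 proto=tcp",
    "ts=2021-09-27T10:01:09Z src=10.0.0.15 dst_host=mail.a2zfacilityservices.in dport=587 proto=tcp",
    "ts=2021-09-27T10:02:41Z src=10.0.0.22 dst_host=mail.a2zfacilityservices.in dport=25 proto=tcp",
    "ts=2021-09-27T10:03:12Z src=10.0.0.31 dst_host=smtp.example.net dport=587 smtp_user=office@a2zfacilityservices.in",
]

if __name__ == "__main__":
    print(is_lure_filename("INVOICE-ECNOG-0987765546799008780975433.scr.rar"))
    for h in scan_egress_log(SAMPLE_LOG):
        print(f"line {h.line_no} from {h.src}: {h.reason}")
```

Hash matching only catches these exact files; AgentTesla builds are repacked per campaign, so the mailbox and host from the config are the more durable indicators, and the double-extension check catches the delivery pattern regardless of the payload.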
Targets
Target: INVOICE-ECNOG-0987765546799008780975433.scr.exe
Size: 675KB
MD5: 5d3e9a92eed37f194e32bde55e64ec94
SHA1: 2e74d10921253699b029c79b6544f2108390bd95
SHA256: 786a9b90ee6541476ce7b9ffed8a4d22438b7cfc72ec33ddad9a3cf2cb2f8613
SHA512: 229855396a5982baed9bc437d31038ad13d7535bdd420a46bcd54f47b788c469023c26faa8e67720a3a4c46551cab6dab5a5b0015f79bbf540019d15bffd9516
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the extracted configuration above shows this sample exfiltrates over SMTP to mail.a2zfacilityservices.in on port 587 using the office@a2zfacilityservices.in mailbox.
- AgentTesla Payload
- Suspicious use of SetThreadContext (typically process hollowing: the loader starts a suspended child process, writes the decoded payload into it and redirects the main thread's entry point with SetThreadContext before resuming it)