General
Target: Revised Proforma Invoice_New order.exe
Size: 622KB
Sample: 210928-gwhbcaagfq
MD5: 3a391e960ff363979a5ac9dc3a95c636
SHA1: 8930a2e630f133dfb78e87e06b4f9ecd882a84e1
SHA256: 8842d55ed240f4ed04d12d227dfd1c65bc20b72bf79fc5e40daf61d9f3f86d47
SHA512: 9ad6f160cef7ba108a88ee963aa224c1766bfb183e7934a88b5a7019788b6874009a4a921f8b853329be940d08de74e3ddb0170e69b60152fbd950a5889a5926
Static task: static1
Behavioral task: behavioral1
Sample: Revised Proforma Invoice_New order.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Revised Proforma Invoice_New order.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: s1.20mb.nl
Port: 587
Username: whitesend@billionv.com
Password: fgd436-=/eVNM!!@#)mmnb
Targets
Target: Revised Proforma Invoice_New order.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext