General

Target: Proforma Inv.exe
Size: 434KB
Sample: 220407-sp6adaehdm
MD5: 189ad2733ba3c8baa0d9fb41e4223d92
SHA1: 90d2762579dfd97d7b767662566f3a623766dd0a
SHA256: d73763f8b8d4eb91dec386eb7a2ebf9a8a9b40c6b028d57e6144ed74551d460b
SHA512: a255eb116180e54ca4966b6596adccffb56deac442f64ed570814f2205811b3e5d2263ce4f0f2183851530b962f754fe3fe3561dda93dd3e20f6ac46dc6f0901
Static task: static1

Behavioral task: behavioral1
Sample: Proforma Inv.exe
Resource: win7-20220331-en

Behavioral task: behavioral2
Sample: Proforma Inv.exe
Resource: win10v2004-20220331-en
Malware Config

Extracted
Protocol: smtp
Host: mail.safalaw.com.ph
Port: 587
Username: ipdepartment@safalaw.com.ph
Password: #Risel767

Extracted (family: agenttesla)
Protocol: smtp
Host: mail.safalaw.com.ph
Port: 587
Username: ipdepartment@safalaw.com.ph
Password: #Risel767
Email To: ongod9755@gmail.com
Targets

Target: Proforma Inv.exe (size and hashes as listed under General)
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext