General
Target: Payment4758475.exe
Size: 439KB
Sample: 200625-g1t77xrs6n
MD5: f505beac7f7bc5012780705a42338ac2
SHA1: 74efd44bd9ed7c3ae5d4f6b0487a6dd6bb4a57af
SHA256: 3e3d152759cbe2a09c5d88af90483638866ae67101b7094816248c739d0917b2
SHA512: 60048e3b7fc92e6eebe2596fa9f6956ca37d2096d9db27a99aeff856e049a89f0b90b09ed74a62461e427ea6cc88e060da8cfab5f9f85d93c3f4f4491838c88a
Static task: static1
Behavioral task: behavioral1
Sample: Payment4758475.exe
Resource: win7v200430
Behavioral task: behavioral2
Sample: Payment4758475.exe
Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sunrvun.com
Port: 587
Username: loggshomes@sunrvun.com
Password: o2AzYZ=_#flE
Targets
Target: Payment4758475.exe (439KB; hashes as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Adds Run key to start application
Suspicious use of SetThreadContext