General

- Target: PAYMENT ADVICE.exe
- Size: 732KB
- Sample: 201204-v54zcg7g3j
- MD5: d50d182e6194cbed4154764d259fd27d
- SHA1: 87266992f93abdf25943916869b99074266600ef
- SHA256: c0b7a61af074ad5fc632939be669c133ba351162d40b97db686253ce43dbd8ca
- SHA512: d039f8a6bcaa3324e6ab7d8a2e69e95fcc4b032ea6995226e90520a57325e867cd9504ab40f34ff5536473315b7949681f2f6374ab31f0601064edd05b8f2511
Static task: static1

Behavioral task: behavioral1
- Sample: PAYMENT ADVICE.exe
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: PAYMENT ADVICE.exe
- Resource: win10v20201028
Malware Config

Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: exports@krrislam.com
- Password: PfV^BQW2
Targets

- Target: PAYMENT ADVICE.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext