General
Target: Payment slip.exe
Size: 652KB
Sample: 210121-8q8be8adz2
MD5: 18ba144683247098a9ff944273e3d293
SHA1: 9eaf6860201938fc7027b22b11a8667d2b45c979
SHA256: 87f32b29a629a3bf5d0ec129f3daf65ce665c816353b41492ef0ca56fd165ce1
SHA512: 2a875f79473b578977385740f0a7d6369ffda6bdbe30074045b9ece321d5f27157a8b40dfafcbd79a1f4dac51b3ac8f75b536a6ad1688688d15c04794e99fa4e
Static task: static1
Behavioral task: behavioral1 (Sample: Payment slip.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: Payment slip.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: paola.micheli@copangroup.xyz
Password: gibson.1990
Targets
Target: Payment slip.exe (652KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext