General
- Target: AVISO CREDITO PAGPROV.exe
- Size: 475KB
- Sample: 210226-qnkqv1kjxn
- MD5: 3eeb0f9a37c6cbb04da1bc840a7842f9
- SHA1: aa5902beee2a8dbb6acf497851141a6deaa40f29
- SHA256: 2ea0891529f5c9c961aa494484f359f3cd2a5cfdb5d20c0031a4296fc0a6cc29
- SHA512: 3fd527b704c9c025a3c91436b4cdc14df47720ee77e3e31757a9461b1a02842c59b9852f9982c3d525af15587aee88001009f21a37daba284c292d913e63f76a
Static task
- static1
Behavioral tasks
- behavioral1: AVISO CREDITO PAGPROV.exe on win7v20201028
- behavioral2: AVISO CREDITO PAGPROV.exe on win10v20201028
Malware Config
Extracted family: agenttesla
- Protocol: smtp
- Host: mail.chefoowork.com
- Port: 587
- Username: [email protected]
- Password: ld_@uP[}B
These are the mailbox credentials the stealer uses to send harvested data out over SMTP submission (port 587). The host and port are the usable network indicators; because submission on 587 normally negotiates STARTTLS, match on destination host and port rather than on message content.
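As an added example (not part of the sandbox report or of any vendor tool), the following Python matches the extracted SMTP host and port, and the sample's SHA256, against log lines. The `key=value` log format, the IP addresses, endpoint names and file paths are constructed assumptions; the indicator values are the ones listed on this page.

```python
"""Match the indicators from this report against constructed log lines.

Added example; it is not part of the sandbox report or of any vendor tool.
The network indicators are the extracted Agent Tesla SMTP host and port
(mail.chefoowork.com, 587); the file indicator is the sample's SHA256.
The "key=value" log format and every log line below are assumptions
constructed for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple

# Indicators taken from the report.
C2_HOST = "mail.chefoowork.com"
C2_PORT = 587
SAMPLE_SHA256 = "2ea0891529f5c9c961aa494484f359f3cd2a5cfdb5d20c0031a4296fc0a6cc29"

# Constructed outbound-connection log (assumed format, not from the report).
NETWORK_LOG = """\
ts=2021-02-26T10:01:03Z src=10.0.0.21 dport=443 app=https host=update.example.org
ts=2021-02-26T10:01:07Z src=10.0.0.21 dport=587 app=smtp host=mail.chefoowork.com
ts=2021-02-26T10:01:09Z src=10.0.0.37 dport=587 app=smtp host=smtp.office365.com
ts=2021-02-26T10:02:00Z src=10.0.0.21 dport=25 app=smtp host=MAIL.CHEFOOWORK.COM.
"""

# Constructed endpoint file-event log (assumed format, not from the report).
FILE_LOG = """\
ts=2021-02-26T09:58:41Z host=WS-021 path=C:\\Users\\ana\\Downloads\\AVISO CREDITO PAGPROV.exe sha256=2EA0891529F5C9C961AA494484F359F3CD2A5CFDB5D20C0031A4296FC0A6CC29
ts=2021-02-26T09:59:02Z host=WS-037 path=C:\\Windows\\System32\\notepad.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
"""

# A value runs until the next " key=" token, so paths with spaces survive.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Parse one 'key=value key=value ...' line into a dict."""
    return dict(_KV.findall(line.strip()))


def classify_network(event: Dict[str, str]) -> Optional[str]:
    """'exact' for host+port, 'host-only' for the C2 host on another port, else None."""
    host = event.get("host", "").lower().rstrip(".")  # case and trailing-dot normalisation
    if host != C2_HOST:
        return None
    return "exact" if int(event.get("dport", "0")) == C2_PORT else "host-only"


def find_network_hits(log: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, source ip, match kind) for every line touching the C2 host."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        kind = classify_network(event)
        if kind:
            hits.append((event["ts"], event["src"], kind))
    return hits


def find_file_hits(log: str) -> List[Tuple[str, str, str]]:
    """Return (timestamp, endpoint, path) for file events whose SHA256 is the sample's."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if event.get("sha256", "").lower() == SAMPLE_SHA256:
            hits.append((event["ts"], event["host"], event["path"]))
    return hits


if __name__ == "__main__":
    for hit in find_network_hits(NETWORK_LOG):
        print("network", *hit)
    for hit in find_file_hits(FILE_LOG):
        print("file", *hit)
```

The host-only match on port 25 is reported separately from the exact host+port match so that a variant reconfigured to a different port, or a connectivity check, is still surfaced without being scored as the exfiltration channel itself.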
Targets
Score: 10/10
Signatures
- AgentTesla: Agent Tesla is an information-stealing remote access tool (RAT) built on .NET. For this sample the extracted configuration carries SMTP credentials, which is the channel it uses to send stolen data out.
- AgentTesla payload
- Suspicious use of SetThreadContext: SetThreadContext is also used legitimately by debuggers, but when it follows a CREATE_SUSPENDED process creation and WriteProcessMemory into that child, and precedes ResumeThread, it is the classic process-hollowing (RunPE) sequence for running an unpacked payload inside a clean host process. The report records only the signature, not the full call sequence.
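As an added example (not part of the sandbox report), the following Python checks an API trace for the generic process-hollowing chain that gives a SetThreadContext call its significance. The report only records the signature; the chain, the trace format and every trace line below are constructed assumptions, not data from this sample.

```python
"""Flag the process-hollowing API chain behind a SetThreadContext signature.

Added example; not part of the sandbox report. The report records only the
signature "Suspicious use of SetThreadContext". The chain checked here is
the generic hollowing (RunPE) pattern rather than anything the report shows:
CreateProcess with CREATE_SUSPENDED, WriteProcessMemory into the child,
SetThreadContext on it, then ResumeThread. The trace format and every
trace line below are assumptions constructed for illustration.
"""
from typing import Dict, List, Optional, Tuple

CREATE_SUSPENDED = 0x00000004  # Win32 process creation flag

# Stages of the hollowing chain, in the order they must occur.
CHAIN = ["CreateProcess(CREATE_SUSPENDED)", "WriteProcessMemory",
         "SetThreadContext", "ResumeThread"]

# Constructed API trace (assumed format "<caller pid> <api> key=value ...").
# Caller 1200 hollows 4480; 3100 is a normal process start; 5500 behaves
# like a debugger that sets a thread context without any prior injection.
API_TRACE = """\
1200 CreateProcessW target=4480 flags=0x00000004
1200 NtUnmapViewOfSection target=4480
1200 WriteProcessMemory target=4480 size=0x00041000
1200 WriteProcessMemory target=4480 size=0x00002000
1200 SetThreadContext target=4480
1200 ResumeThread target=4480
3100 CreateProcessW target=3304 flags=0x00000000
3100 ResumeThread target=3304
5500 OpenProcess target=6012
5500 SetThreadContext target=6012
5500 ContinueDebugEvent target=6012
"""

Key = Tuple[int, int]  # (caller pid, target pid)


def parse_trace_line(line: str) -> Tuple[int, str, Dict[str, str]]:
    """Split '<pid> <api> k=v ...' into (pid, api, fields)."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[2:])
    return int(parts[0]), parts[1], fields


def stage_of(api: str, fields: Dict[str, str]) -> Optional[str]:
    """Map one call to a chain stage, or None if it is not part of the chain."""
    if api in ("CreateProcessA", "CreateProcessW"):
        flags = int(fields.get("flags", "0"), 16)
        return CHAIN[0] if flags & CREATE_SUSPENDED else None
    return api if api in CHAIN else None


def hollowing_progress(trace: str) -> Dict[Key, List[str]]:
    """Stages reached, in order, per (caller, target); out-of-order calls do not advance."""
    progress: Dict[Key, List[str]] = {}
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, fields = parse_trace_line(line)
        reached = progress.setdefault((pid, int(fields["target"])), [])
        stage = stage_of(api, fields)
        if stage is not None and len(reached) < len(CHAIN) and stage == CHAIN[len(reached)]:
            reached.append(stage)
    return progress


def hollowing_hits(trace: str) -> List[Key]:
    """(caller, target) pairs that completed the full chain."""
    return sorted(k for k, v in hollowing_progress(trace).items() if len(v) == len(CHAIN))


def set_thread_context_calls(trace: str) -> List[Tuple[int, int, int]]:
    """Every SetThreadContext call as (caller, target, chain stages reached by that pair).

    A stage count of 0 is what a debugger produces; it still deserves a look,
    but the full chain is what turns the call into an injection finding.
    """
    progress = hollowing_progress(trace)
    calls = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        pid, api, fields = parse_trace_line(line)
        if api == "SetThreadContext":
            key = (pid, int(fields["target"]))
            calls.append((pid, key[1], len(progress[key])))
    return calls


if __name__ == "__main__":
    print("hollowing:", hollowing_hits(API_TRACE))
    for call in set_thread_context_calls(API_TRACE):
        print("SetThreadContext caller=%d target=%d stages=%d" % call)
```

Tracking progress per (caller, target) pair rather than per caller matters when a sample spawns several children: a chain completed against one child is not diluted by unrelated calls against another.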