General
-
Target
Payment _Advice (2).exe
-
Size
804KB
-
Sample
210408-bck4n26ba2
-
MD5
8447c64196fb7ebc7e37e346c3398494
-
SHA1
a30a0cf36a1bceb9bca69685a919bb9eb6adcb50
-
SHA256
896a518b2db98d75130034be194d0c0295e00a5c310e068790599b69420b2f08
-
SHA512
c3c509fd18e3cd4e7f5574d221c8afe20eaaa4dca9871cc58f7ebf6855469866319d1ef22df6ba5d9d7ee4c7c442c6235b2992f590e65aaed45d62996e1b0eb4
Static task
static1
Behavioral task
behavioral1
Sample
Payment _Advice (2).exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Payment _Advice (2).exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: result.package@yandex.ru
Password: Blessing123
Targets
Target
Payment _Advice (2).exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-