General
Target: PAYMENT COPY.exe
Size: 917KB
Sample: 210420-5mdf1mmgx6
MD5: 5e52d546bf55e00b16eeba9e00adff81
SHA1: 2859628f7b8c99e5abcb21c7c62a1aad0fce628a
SHA256: 192f1700dfb08c74e6659dc411262bd2f69b69ee72a6d1fc0d68d4b485ee95ac
SHA512: 36e7adf4742b317e699db7ace2753745501591b3c4dbc39b0106c087726a1950d899d42bc1842324b2eefa7a383ac84d7c8f9bf53d12644edf2a1e901c409888
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT COPY.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: PAYMENT COPY.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: a2plcpnl0347.prod.iad2.secureserver.net
Port: 587
Username: [email protected]
Password: Admin_123
Targets
Target: PAYMENT COPY.exe
Size: 917KB
MD5: 5e52d546bf55e00b16eeba9e00adff81
SHA1: 2859628f7b8c99e5abcb21c7c62a1aad0fce628a
SHA256: 192f1700dfb08c74e6659dc411262bd2f69b69ee72a6d1fc0d68d4b485ee95ac
SHA512: 36e7adf4742b317e699db7ace2753745501591b3c4dbc39b0106c087726a1950d899d42bc1842324b2eefa7a383ac84d7c8f9bf53d12644edf2a1e901c409888
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext