General
Target: PAYMENT COPY.exe
Size: 750KB
Sample: 210420-8v2kszagxj
MD5: b7648b741ec8f6d9f882464f521a8aed
SHA1: 78d4c91a87bf51c0495899a4ed4f3b89b3e6ba13
SHA256: f7f3e9fbe1bff8f404b8b150d016d2e1757f27756b4664da9ac4dcf7e9a6a09f
SHA512: 2eb26d6e1e91f7547f8940a6082267768dd3222af7f8ebe25b69292e80692cde46daf913df6070e448352911498d2d582a1cfc9a974a49e25f938a2fa86914ac
Static task: static1
Behavioral task: behavioral1 (Sample: PAYMENT COPY.exe, Resource: win7v20210408)
Behavioral task: behavioral2 (Sample: PAYMENT COPY.exe, Resource: win10v20210410)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: a2plcpnl0347.prod.iad2.secureserver.net
Port: 587
Username: [email protected]
Password: Admin_123
Targets
Target: PAYMENT COPY.exe, 750KB (MD5, SHA1, SHA256 and SHA512 as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext