General
Target: payment copy.exe
Size: 1.9MB
Sample: 210504-6vvdycssqx
MD5: 8e6ca3bd2855438188bb22fdbb73a712
SHA1: c2b8c77e04998e04a15ab61d5d7557864f9ec7ed
SHA256: 1a0b85e94b4c6c47e743b96560b09aad2194278caa770f27ca2e85ad69b62e93
SHA512: 95a70d94c353ac42ce6c98be8b0dd2c1e8550dc1d44682e19eda0b20245b140be34ab88a6f2dd95d008329186684d5d7c10d735d0fe893b0caa96a8a449863e8
Static task: static1
Behavioral task: behavioral1
Sample: payment copy.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: payment copy.exe
Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: pagosbogaitrans@vivaldi.net
Password: Qwerty2020Hp##
Targets
Target: payment copy.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext