General
- Target: Payment Slip.exe
- Size: 885KB
- Sample: 210511-kjmzah1n6a
- MD5: 94516e4ff491086bc06be869293b8ae0
- SHA1: 0aa49c9744e22a94537d6caf83af803aa41b10d7
- SHA256: 94f41c1050c0fcbc26b11fd97f17a1120ad5f0eab527e86fc9920de437a53e8b
- SHA512: dba0ab7ab9617ee38cc1c79982898a3cd29eff0e3116b0446039dc11690487000d082f100100caf254108dbf4601be1d7a10bebf1df7b0f356135f761931fd77
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Slip.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: Payment Slip.exe
- Resource: win10v20210408
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.teknicagroup.com
- Port: 587
- Username: shafqat@teknicagroup.com
- Password: admin#123
Targets
- Target: Payment Slip.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Adds Run key to start application
- Suspicious use of SetThreadContext