General
Target: PAYMENT COPY.exe
Size: 911KB
Sample: 210511-zk8a96qarx
MD5: 497fdb0a1fa8970ac4e81aa66278b6ed
SHA1: 5bacbe7521f6d6de1a7efc85d92fddf7fd358b21
SHA256: c70bf2aeaa6b9f644dadc0617debe3ec20671adc1e2ee8c60a8a932bf99e3c63
SHA512: b52fccf2ff91ae3a4ed7d87ba14ba715a8780e7004e632995949757fc3f414312f12c1c141d5033c3764cfcbd6955644514ff1961813fe5551cace35cdfa66f1
Static task: static1
Behavioral task: behavioral1 (sample: PAYMENT COPY.exe, resource: win7v20210408)
Behavioral task: behavioral2 (sample: PAYMENT COPY.exe, resource: win10v20210408)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.dadabhoy.edu.pk
Port: 587
Username: ghulam.sarwar@dadabhoy.edu.pk
Password: Dadabhoy.456
The exfiltration mailbox sits on a third-party institutional domain rather than on attacker-registered infrastructure, which is the usual Agent Tesla pattern of abusing a compromised legitimate account. Treat the credential as compromised and notify the mailbox owner; blocking the whole domain is rarely the right response.
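The extracted config above is directly usable for hunting. The following is an added example, not code from the sandbox report or the Triage tooling: it turns the config into indicators and runs them over outbound-connection logs. The config values are the ones the report extracted; the log lines, their `ts k=v k=v` layout and the `APPROVED_MAIL_RELAYS` set are constructed assumptions for the demonstration. Beyond the exact host match, it also flags SMTP submission (port 587) to any unapproved relay, which catches sibling builds that differ only in the mailbox.

```python
"""Derive hunting indicators from an Agent Tesla SMTP config and check them
against outbound-connection logs.

Added example, not part of the sandbox report. The config values are those
the report extracted; the log lines and their key=value layout are constructed.
"""
import re
from dataclasses import dataclass

# Values from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "mail.dadabhoy.edu.pk",
    "port": 587,
    "username": "ghulam.sarwar@dadabhoy.edu.pk",
    "password": "Dadabhoy.456",
}

# Hosts allowed to receive SMTP submission from workstations (assumed).
APPROVED_MAIL_RELAYS = {"smtp.corp.example", "outlook.office365.com"}


@dataclass(frozen=True)
class Indicator:
    kind: str   # "host", "port" or "email"
    value: str
    note: str


def config_to_indicators(cfg):
    """Turn the extracted config into hunting indicators.

    The password is deliberately not emitted as an indicator: it belongs in
    the notification to the mailbox owner, not in detection content.
    """
    return [
        Indicator("host", cfg["host"], f"{cfg['family']} {cfg['protocol']} exfil server"),
        Indicator("port", str(cfg["port"]), "submission port used by the sample"),
        Indicator("email", cfg["username"], "mailbox receiving stolen data"),
    ]


LOG_RE = re.compile(r"(?P<k>\w+)=(?P<v>\S+)")


def parse_line(line):
    """Parse one constructed 'ts k=v k=v ...' log line into a dict."""
    ts, _, rest = line.partition(" ")
    fields = dict(LOG_RE.findall(rest))
    fields["ts"] = ts
    return fields


def hunt(log_lines, indicators):
    """Return (line_no, reason) for each log line that matches.

    Rule 1: any connection to the exfil host from the config, on any port.
    Rule 2: SMTP submission (dport 587) to a host that is not an approved
            relay, which also catches builds using a different mailbox.
    """
    hosts = {i.value for i in indicators if i.kind == "host"}
    hits = []
    for n, line in enumerate(log_lines, 1):
        f = parse_line(line)
        dst, dport = f.get("dst", ""), f.get("dport", "")
        if dst in hosts:
            hits.append((n, f"connection to known {EXTRACTED_CONFIG['family']} exfil host {dst}:{dport}"))
        elif dport == "587" and dst not in APPROVED_MAIL_RELAYS:
            hits.append((n, f"SMTP submission to unapproved relay {dst}"))
    return hits


# Constructed sample log; only lines 1, 3 and 4 should be flagged.
SAMPLE_LOG = [
    "2021-05-11T10:14:02Z src=10.0.4.21 dst=mail.dadabhoy.edu.pk dport=587 proto=tcp",
    "2021-05-11T10:14:05Z src=10.0.4.21 dst=outlook.office365.com dport=587 proto=tcp",
    "2021-05-11T10:15:40Z src=10.0.4.33 dst=mail.dadabhoy.edu.pk dport=443 proto=tcp",
    "2021-05-11T10:16:01Z src=10.0.4.33 dst=mail.example-isp.net dport=587 proto=tcp",
    "2021-05-11T10:16:09Z src=10.0.4.40 dst=www.example.com dport=443 proto=tcp",
]

if __name__ == "__main__":
    for n, why in hunt(SAMPLE_LOG, config_to_indicators(EXTRACTED_CONFIG)):
        print(f"line {n}: {why}")
```

Line 3 is flagged even though it is not SMTP: once a host is a known exfil endpoint, any connection to it from a workstation is worth a look. Line 2 is an approved relay and line 5 is ordinary HTTPS, so neither fires.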
Targets
Target: PAYMENT COPY.exe (911KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that exfiltrates harvested credentials over SMTP, FTP or HTTP, here via the SMTP account in the extracted config.
Signatures
AgentTesla Payload
Suspicious use of SetThreadContext
SetThreadContext is the call that redirects a suspended target thread into injected code, so this signature points at process hollowing of the final payload. On its own it is a weak signal; it is the combination with the AgentTesla payload detection and the extracted config that drives the 10/10 score.