General
Target: Payment $67,830.00.zip
Size: 534KB
Sample: 210722-2r586mgkta
MD5: 0c46aa1aef86e22db670991465705b84
SHA1: 3a9469c9c13ccce9ad650c40604efe93da498f1c
SHA256: 9932ebe09d500e0eb67ac036c5917b4ec748171e3063e17735ee27566ff19639
SHA512: cc997714af92b86c030d70e7950132cc86e83e0568a838652067e2d5fcdd18c080bd1e5d1c14598646280e5fe5e862dfd42c9c20a6a9b279f7ff009faced9f5d
Static task: static1
Behavioral task: behavioral1
Sample: Payment $67,830.00.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: Payment $67,830.00.exe
Resource: win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: billions101@vivaldi.net
Password: Great#@#$12909()*&^
Targets
Target: Payment $67,830.00.exe
Size: 690KB
MD5: df77aaa6e3e3aa36d253ef893063452f
SHA1: db0f0750d0bbe620db17a719f74c06746a2e05de
SHA256: 0e50b895ed10c7cc4ecab501bf363451c24b654e3c3da3ef889a6bd13856bd12
SHA512: 1d31dd3e1bb6cc0b2f7b50d592084083fcf4eee05665589216669eb777ae7470f91d0839ae2caba82f84f727ea2218e7860899f1f8023c80e12c7acccbd81106
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext