General

Target: PAGO FACTURA 3802.exe
Size: 1.0MB
Sample: 210727-2y4sv2hr7e
MD5: c2a78d097da563f35e0626d697535dae
SHA1: e2b40d9bd7e37cad70a6a6f1fef3ff9d1545f833
SHA256: 5d132e1c970e448e1e65657a7990e0c894f79ec3588ea32b0e110fb01685b4bc
SHA512: aadb41c7ef1ae862a6855af9b4159536f3b965fc415aaf178f23c06c36418ab8508fbffc69669730cbe06b16fa9bc837b1ec0dbeead91a0df6d283023696461a
Static task: static1

Behavioral task: behavioral1
Sample: PAGO FACTURA 3802.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: PAGO FACTURA 3802.exe
Resource: win10v20210408
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.belpac.org
Port: 587
Username: log1@belpac.org
Password: TfJfVT^8
Targets

Target: PAGO FACTURA 3802.exe
Size: 1.0MB
MD5: c2a78d097da563f35e0626d697535dae
SHA1: e2b40d9bd7e37cad70a6a6f1fef3ff9d1545f833
SHA256: 5d132e1c970e448e1e65657a7990e0c894f79ec3588ea32b0e110fb01685b4bc
SHA512: aadb41c7ef1ae862a6855af9b4159536f3b965fc415aaf178f23c06c36418ab8508fbffc69669730cbe06b16fa9bc837b1ec0dbeead91a0df6d283023696461a
Score: 10/10

Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext