General
Target: Payment.zip
Size: 55KB
Sample: 210922-lc3kdscah9
MD5: f0876a5d91e17b79544278f8726fe4a7
SHA1: d6ee4e7acf8c881bc4f4f3cc90ea66af8b136baa
SHA256: 0115201f17cb83a2bcf49068ab1437103a63b9ae2895640ddde30f74dfcb42ad
SHA512: cf142cdd3204bf81ff90d2ca8eb8121e43023f8f3e280df3710e1d84d975f2705dd413c635ce3910e23f335727967428b798306da8b6d767622be62ced9c0d27
Static task: static1
Behavioral task: behavioral1
Sample: Payment.exe
Resource: win7-en-20210920
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.aquaclima.gr
Port: 587
Username: [email protected]
Password: N]t+~*2=X1@o
Targets
Target: Payment.exe
Size: 149KB
MD5: 46a9cde2229b45d390ad40ce0cc997f9
SHA1: ddf3a356e42d2a15ccd930b0d5c6d7077824ef8f
SHA256: 4c4a0595a5ac3499e7d398aa9cbbea5fc5a77836be706c50bbae6dd7c0c6aadb
SHA512: 75a082b7a9a0df0a2b9f26fffcf8592f13d46c2b5bffc8830a100efcdd4cfa8394bb2a567f74c4c890f4f9cdcdeb103900cbb2990494971a119e2d128910340f
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Turns off Windows Defender SpyNet reporting
- AgentTesla Payload
- Nirsoft
- Executes dropped EXE
- Suspicious use of SetThreadContext