General
- Target: Payment_Swift (1).img
- Size: 1.2MB
- Sample: 211014-fdam4sgaaj
- MD5: f4beba8b262975749f0e8fce6b04ab63
- SHA1: b3f27539bbbfa1035c3af4240a02d672bc381b68
- SHA256: 9609006e1b62807fca63d9d5487a671268e7a987e58ab8d12e6b8cd3e32ea877
- SHA512: 4edbc0bd353ed59aa632c3835a9a69839af9669cfeb19830a19ace20f1f952d0450505e20baf62ced43c80ef1bc72336b8321298a3a25d2c30751ff1717208b6
Static task: static1
Behavioral task: behavioral1
- Sample: PAYMENT_.EXE
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: PAYMENT_.EXE
- Resource: win10-en-20210920
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.alishair.rs
- Port: 587
- Username: info@alishair.rs
- Password: qR8JmTXtlKf0
Targets
- Target: PAYMENT_.EXE
- Size: 275KB
- MD5: f589816b35976438b88a621266d7d071
- SHA1: 1a845d22e5378b8771536806bb312f6ded7b1046
- SHA256: e4c466fd6fb96b2ffc5682a75154df8501c8edb5234b14349ba5c01afc717b12
- SHA512: c6a92f6520791f55b3603472451d09a7ab659cc93f5d66fabaece8293432889be07830a21da65cf8ee2b72d24890e7f571649e9a6f30ece48e7858549a349d67
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext