General
-
Target
Payment_Advice.rar
-
Size
358KB
-
Sample
211017-npjn6addek
-
MD5
50e13f742778979f4abe03ba8b9534d6
-
SHA1
0d6746ec895ea11272215eefdc023e9b5582e0d1
-
SHA256
23007a429b78294cbf7d8c8ca5109ccad9952513a35511a9accd5e10c7e7ae79
-
SHA512
cee10c02f9c58615782092207f1c39706de8c93880c14d8a252b8a881b180066126af03d3c402dd8c2fe0058919464b393506432eb6cc17b48188ccaa57bb349
Static task
static1
Behavioral task
behavioral1
Sample
Payment_Advice.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Payment_Advice.exe
Resource
win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.showpiece.trillennium.biz
Port: 587
Username: [email protected]
Password: money12345@@@@@
Targets
-
Target
Payment_Advice.exe
-
Size
406KB
-
MD5
6a0b5847e9f478801ed0a8705e0b8639
-
SHA1
2a6c9497193ff928fd913faec2e71973f09c5e50
-
SHA256
3c7d808408e9f03adf60b3f467a0e99ebaef329e2e11296a5a4968939d69b5b5
-
SHA512
c3016e04088d7d8188ef00f8b324cfbff93770219eee425a9d0b454d69a1bcac8868b55b37e44469664b787f889daefcf966a9736546af62ac0eb8d5d6c19ca9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-