General
Target: Facturas pagadas.exe
Size: 397KB
Sample: 211019-l4ktnagefp
MD5: 62098e316fd36c20ff90e7cf231fd68e
SHA1: 98ba0de7eb77d976f55866609e5ab0e7e616edeb
SHA256: b631c15a2beb5544fd25a832726d1b467b68002efca72ad944f36a627f72ba8b
SHA512: 887d7f58d8d7fe0e1f824018c0707e4e6724c92aa720bb58f3679089b8024029c3a0b136f18c7b8a6a2b8f0276cfe3a5aac8f9eec96ba5a3a39cecf9dbcf9e82
Static task: static1
Behavioral task: behavioral1
Sample: Facturas pagadas.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Facturas pagadas.exe
Resource: win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: baorhihusmusqbnx
Targets
Target
Facturas pagadas.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext