General
- Target: Payment Advice.exe
- Size: 597KB
- Sample: 211020-1aq6xahfb9
- MD5: 91abc47e7bb4110eea539082f7cc5559
- SHA1: 034b17319ec75aed6e6becad1a7efa8f9374228f
- SHA256: b5424ff763ec9e9cb9389c81087597201a36c999f7c2dc80be51b92ce17add06
- SHA512: 7ca52acf1228c91205ade4a8efe24e1c04d11e53bb460334b1e8dbcbfda3c10f7bf594d6ce8a423c1d47d6eaca3bc0f621d386e19cbdc0c84f66f24bdc59ad96
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Payment Advice.exe
  - Resource: win7-en-20210920

Behavioral task
- behavioral2
  - Sample: Payment Advice.exe
  - Resource: win10-en-20211014
Malware Config

Extracted
- Family: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: sales@tanimas-id.com
- Password: !xgapua3
Targets
- Target: Payment Advice.exe
- Size: 597KB
- MD5: 91abc47e7bb4110eea539082f7cc5559
- SHA1: 034b17319ec75aed6e6becad1a7efa8f9374228f
- SHA256: b5424ff763ec9e9cb9389c81087597201a36c999f7c2dc80be51b92ce17add06
- SHA512: 7ca52acf1228c91205ade4a8efe24e1c04d11e53bb460334b1e8dbcbfda3c10f7bf594d6ce8a423c1d47d6eaca3bc0f621d386e19cbdc0c84f66f24bdc59ad96
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext