General
-
Target
payment copy.r15
-
Size
406KB
-
Sample
211020-gwf4aagfc3
-
MD5
9aa3ec31dbd69c0010d81a21254ffba5
-
SHA1
005e0d5704b2c7a23e9e358d9e1bb4d3217b66f4
-
SHA256
c74084caf3f2dee6141c9448248ce030d948341cbd3bfbb31b406cb10bbde7a5
-
SHA512
15d69295ffc4084f05d13bd0f4a714c82c83bca76f9bb87e3f894a52f8fdd97254f32cd5f546cc4aef4c70df4a776e52a7a45611f6f2c500cd4a02d0f4bbe711
Static task
static1
Behavioral task
behavioral1
Sample
payment copy.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
payment copy.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg2plcpnl0023.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
User@40378
Targets
-
-
Target
payment copy.exe
-
Size
463KB
-
MD5
5ff2f079f187c67618fe79ade442dd5f
-
SHA1
5bc25a34a2d8194c73e344ba58a25280bbcc21e9
-
SHA256
6c4f03f9b58f8d25fb24a1ea161bf61fdafbc7050ccbd4f026098e58e2ba8fe4
-
SHA512
402122d29aef25258e0bd65f2c7932512b7bcada0db6f672c123d94951f3697d9824f0f28b95bf45991e197a35a55d38d5702b0806053529360cff5991b55d6e
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-