General
-
Target
payment copy.exe
-
Size
433KB
-
Sample
211020-k7w6esggh3
-
MD5
52e5279607c6ee625b8d01bdef0771ba
-
SHA1
f136b9d2629bc255fcc36537f7ff1032ed05f3ab
-
SHA256
ae847091d872af53d8c8f3e9d590a6ddfd24d979bd336c8a8fd4cccd5de20db0
-
SHA512
00771c173de6a7d9ce07e9163928e8c9adad2cfd9f170f0f62529e4d98409a34d057b223bf2712081e4da95e90a02491d4a836f44d4d43efbab15d46e3606d85
Static task
static1
Behavioral task
behavioral1
Sample
payment copy.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
payment copy.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sg2plcpnl0023.prod.sin2.secureserver.net - Port:
587 - Username:
[email protected] - Password:
User@40378
Targets
-
-
Target
payment copy.exe
-
Size
433KB
-
MD5
52e5279607c6ee625b8d01bdef0771ba
-
SHA1
f136b9d2629bc255fcc36537f7ff1032ed05f3ab
-
SHA256
ae847091d872af53d8c8f3e9d590a6ddfd24d979bd336c8a8fd4cccd5de20db0
-
SHA512
00771c173de6a7d9ce07e9163928e8c9adad2cfd9f170f0f62529e4d98409a34d057b223bf2712081e4da95e90a02491d4a836f44d4d43efbab15d46e3606d85
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-