General
Target: Payment slip.exe
Size: 428KB
Sample: 211020-m6vbjshhap
MD5: d85599a4afd0e04420fcaea0e7873608
SHA1: 9f6a9f1ebae2a0668b9e25cd58beaaff31d33def
SHA256: 28d5e6cd0519719ea136a6227cb4a5d598bf3bef2d317c0edc64bc059feaa3d3
SHA512: 71f6aa47ca46d89e9a1187205eeb6cc29d9bc835b7058462889548aeab4c944aac1dc7561237b5f3add1ac1260aae7654ff83115cb51690d7e823c3c3470f3bc
Static task: static1
Behavioral task: behavioral1
Sample: Payment slip.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: Payment slip.exe
Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: Everest10
Targets
Target: Payment slip.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext