General
Target: Payment_Scanned-Copy.exe
Size: 424KB
Sample: 211020-mljdjshghk
MD5: 4341dadc9334d9f1ad93aa21e97272b1
SHA1: cdae7f2f7ffd1148c64309fe01e3423607f7c7bd
SHA256: d96d166e391320de79c459f8601901748f0cd39272fd7593a07b495de6bb574b
SHA512: 50c462f4d1af8aa5fbece3a7c3bf45eb7aa57bb84795fe371e145f410e443eaec83d843123b7050bff7a4c68208ab264de6b7d64fd8dfb6f791b02802ce4e6cf
Static task: static1
Behavioral task: behavioral1
  Sample: Payment_Scanned-Copy.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: Payment_Scanned-Copy.exe
  Resource: win10-en-20211014
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: emeka@generalbravo.com
Password: e)cnIdR1
These are the exfiltration settings embedded in the sample: stolen data is sent as e-mail through the configured SMTP account, so the host, port and username are usable network and authentication indicators for this sample.
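As an added example (not part of the sandbox report), the following script turns the indicators above into checks a responder can run: it hashes file contents against the listed MD5/SHA1/SHA256, flags connections to the configured SMTP host in a connection log, and decodes the username from an SMTP AUTH LOGIN exchange to see whether a captured session used the extracted account. The connection log and the SMTP transcript are constructed here for illustration; the hashes and SMTP indicators are the ones listed in the report.

```python
"""Match the IOCs from this AgentTesla report against files, connection logs and SMTP sessions.
Added example; the log lines and the SMTP transcript below are constructed, not sandbox output."""
import base64
import hashlib
from typing import List, Optional, Tuple

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "4341dadc9334d9f1ad93aa21e97272b1",
    "sha1": "cdae7f2f7ffd1148c64309fe01e3423607f7c7bd",
    "sha256": "d96d166e391320de79c459f8601901748f0cd39272fd7593a07b495de6bb574b",
}
C2_HOST = "us2.smtp.mailhostbox.com"
C2_PORT = 587  # port from the extracted config; the host alone is the stronger indicator
C2_USER = "emeka@generalbravo.com"


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True when any digest of the data matches the hashes in the report."""
    digests = hash_bytes(data)
    return any(digests[algo] == value for algo, value in SAMPLE_HASHES.items())


# Constructed connection log, one record per line: ts src_ip:port dst_host dst_port.
CONN_LOG = """\
2021-10-20T12:00:01Z 10.0.0.5:49812 smtp.office365.com 587
2021-10-20T12:00:09Z 10.0.0.5:49830 us2.smtp.mailhostbox.com 587
2021-10-20T12:00:15Z 10.0.0.7:51002 us2.smtp.mailhostbox.com 25
"""


def find_c2_connections(log: str) -> List[Tuple[str, str, int]]:
    """Return (ts, src, dst_port) for every connection to the configured SMTP host.
    Matching is on the host only: a port other than 587 still deserves a look."""
    hits = []
    for line in log.splitlines():
        ts, src, host, port = line.split()
        if host.lower() == C2_HOST:
            hits.append((ts, src, int(port)))
    return hits


# Constructed SMTP transcript ("S:" server, "C:" client). With AUTH LOGIN the server
# prompts with base64("Username:") = "VXNlcm5hbWU6" and the client answers with the
# base64-encoded username, so the account is recoverable from a plaintext capture.
SMTP_SESSION = """\
S: 220 us2.smtp.mailhostbox.com ESMTP
C: EHLO DESKTOP-TEST
S: 250-us2.smtp.mailhostbox.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: ZW1la2FAZ2VuZXJhbGJyYXZvLmNvbQ==
S: 334 UGFzc3dvcmQ6
C: <redacted>
S: 235 2.7.0 Authentication successful
"""


def auth_login_user(transcript: str) -> Optional[str]:
    """Decode the username sent in an SMTP AUTH LOGIN exchange; None if absent or not valid base64."""
    lines = [line[3:] for line in transcript.splitlines()]  # drop the "S: " / "C: " prefix
    for i, line in enumerate(lines):
        if line.startswith("334 VXNlcm5hbWU6") and i + 1 < len(lines):
            try:
                return base64.b64decode(lines[i + 1], validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def session_uses_c2_account(transcript: str) -> bool:
    """True when the session authenticated with the username from the extracted config."""
    return auth_login_user(transcript) == C2_USER


if __name__ == "__main__":
    print("C2 connections:", find_c2_connections(CONN_LOG))
    print("AUTH LOGIN user:", auth_login_user(SMTP_SESSION))
    print("uses extracted account:", session_uses_c2_account(SMTP_SESSION))
```

Note that the AUTH LOGIN check only works on a plaintext capture; AgentTesla usually negotiates STARTTLS on port 587, so on the wire the host and port match is what you will normally see, and the account match comes from sandbox or endpoint telemetry.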
Targets
Target: Payment_Scanned-Copy.exe (424KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is an information stealer and remote access tool (RAT) built on .NET. It harvests saved credentials, keystrokes and clipboard contents and sends them out over SMTP, FTP or HTTP; this sample uses the SMTP account shown in the extracted config.
Signatures
- AgentTesla payload
- Accesses Microsoft Outlook profiles (reads stored mail-account settings to harvest credentials)
- Suspicious use of SetThreadContext (typical of process hollowing: the decrypted payload is written into a suspended process and its thread context redirected to it)