General
Target: Remesas Aceptadas.exe
Size: 481KB
Sample: 211021-k568lsaaf8
MD5: a3ebdeb1cdb1799ec204e9f87ac051bf
SHA1: 8f51c5f8b4e4196bff4ebd07fb0416463ef2fd0d
SHA256: 49b8d86772f28a310f9d6924d91b1d3bc7ec7d30026eab48a628e057f751037c
SHA512: 80599a945d8fbffdc7094907401ef7407281930a0bde32c1e72124bfd5be87fd4fed96cab1b962752f0eac5ab4cab651cb7c1d1d441ef095340408cc94f28dcf
Static task: static1
Behavioral task: behavioral1
Sample: Remesas Aceptadas.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Remesas Aceptadas.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: margaridasantos@tccinfaes.com
Password: TccBps1427log
Targets
Target: Remesas Aceptadas.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext