General
Target: Payment Advice.rar
Size: 429KB
Sample: 211021-rnzwjaadf5
MD5: 874fcd31387c62a08f731e368b1ae5d2
SHA1: aaab11460d1265f60b78265d56819901df25dfd8
SHA256: 06c943dfc237fe26fc2db95d6673595528106dc53dd3e1d138fcdb09a97c6c94
SHA512: b5ce74923f46c51c0307f3bf611ab2a68a53cf706f6e3b3569a96ba383759d814a86be3f32d3e7c8f392f9e19d289f711903549c6f3aa5128440ab0aedb5ec45
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Payment Advice.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: sales@tanimas-id.com
Password: !xgapua3
Targets
Target: Payment Advice.exe
Size: 597KB
MD5: 91abc47e7bb4110eea539082f7cc5559
SHA1: 034b17319ec75aed6e6becad1a7efa8f9374228f
SHA256: b5424ff763ec9e9cb9389c81087597201a36c999f7c2dc80be51b92ce17add06
SHA512: 7ca52acf1228c91205ade4a8efe24e1c04d11e53bb460334b1e8dbcbfda3c10f7bf594d6ce8a423c1d47d6eaca3bc0f621d386e19cbdc0c84f66f24bdc59ad96
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext