General
-
Target
支払い命令.tgz
-
Size
375KB
-
Sample
211022-bllccsbhdr
-
MD5
9c7323cc2cd8ec45886d0185a3b2b8d4
-
SHA1
723cca6264c158950c4cfbcd29c2248e5e6aeff9
-
SHA256
fbe8e94906cfdc2f4f23ac278d864279039e4846eab7a64cad8537533da7cb07
-
SHA512
626c4327e010f4c16ce2214ae2694d0dbfb2698bd2f9021f45c5054e6e06f953e1b971f43c5e12fa0f80c6f5b86446edac772f2a7507f3c6d5946970066ed29b
Static task
static1
Behavioral task
behavioral1
Sample
支払い命令.exe
Resource
win10-ja-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: aalahajirazak.ibrahim@gmail.com
Password: sontcehkwhxjwuqj
Targets
-
Target
支払い命令.exe
-
Size
413KB
-
MD5
7405648b8ba8b4c48445a7f55a61d459
-
SHA1
d77898b941ce97d62d6fd23b06256128ef453c33
-
SHA256
8f93b80f846e37ffc99f893ccf4b7a513af333cb5b9adfecc6386a5c17b470a7
-
SHA512
a58b95da177c3647692e85cc422d4057db730e73e1a3e4fb82a0ef387f4cc506e341e2c6a3ad8621f50fbef4fe80a6f751226000a4506725975d9e648f73a671
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Registers COM server for autorun
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-