General
Target: 支払い命令.tgz.gotu239.partial
Size: 405KB
Sample: 211022-f6m4xabbd8
MD5: ce972c3bef52443754c615f467794976
SHA1: b8a6bee43c39f514ac9b4dae7c882da194efc502
SHA256: 212cb7a1b5b7d323d0c06d19c79c35a65fcb805c429132618828b5e7b29796a9
SHA512: a6f8ee9e6cc0740a1b93a0dad310bdae4c017b354f83b232127bd1e91e0b03dfdc137f370e39348b65b68afb3e544f80e70c02e22f497e4af84f3d829fcf548b
Static task: static1
Behavioral task: behavioral1 (Sample: 支払い命令.exe; Resource: win7-ja-20210920)
Behavioral task: behavioral2 (Sample: 支払い命令.exe; Resource: win7-en-20211014)
Behavioral task: behavioral3 (Sample: 支払い命令.exe; Resource: win10-ja-20210920)
Behavioral task: behavioral4 (Sample: 支払い命令.exe; Resource: win10-en-20211014)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: soceanwave244@gmail.com
Password: baorhihusmusqbnx
Targets
Target: 支払い命令.exe
Size: 541KB
MD5: f5fabfdc406897f2026193d2c50f9e33
SHA1: 57c68b743c7f80c2365ddfff0e0c2253b2cc0628
SHA256: b64a7759ecf0ee5e886d56faa7dc557f0a1b06f63c39cc2f96feb1e8dd150c94
SHA512: 222e882cb32c25998888dfbb4f9c415ff69ce285fabb8ffdc1a3dc0f7ec7210b46cdf751b39c7e75bd3a7280f85f1997d25c528feaef0b7f48c355aa4d35724d
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Registers COM server for autorun
AgentTesla Payload
Accesses Microsoft Outlook profiles
Drops file in System32 directory
Suspicious use of SetThreadContext