General
- Target: Payment Copy.exe
- Size: 163KB
- Sample: 211022-mfczkscdak
- MD5: 1d98b20b0aaff4529830badd847d6f74
- SHA1: 2fc732c85a9696c926fc3c002e918b34292cacf3
- SHA256: ff5a9952f9262a760b7e87fa0b9e1d4880b8f7dbc348b4697c340be813882b16
- SHA512: 2548ac386a3f41074d8f02d86dcc3df2fd8c1e13e6625ce50a015cb1333b710b6deeda895909e46c3cff8e52b832463103b81b56c0e4781a3982e4185a9c9eac
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Payment Copy.exe
  - Resource: win7-en-20211014
Behavioral task
- behavioral2
  - Sample: Payment Copy.exe
  - Resource: win10-en-20210920
Malware Config
Extracted
- agenttesla
  - Protocol: smtp
  - Host: kerekesfoto.com
  - Port: 587
  - Username: sales@kerekesfoto.com
  - Password: admin@abc123
Targets
- Target: Payment Copy.exe
  - Size: 163KB
  - MD5: 1d98b20b0aaff4529830badd847d6f74
  - SHA1: 2fc732c85a9696c926fc3c002e918b34292cacf3
  - SHA256: ff5a9952f9262a760b7e87fa0b9e1d4880b8f7dbc348b4697c340be813882b16
  - SHA512: 2548ac386a3f41074d8f02d86dcc3df2fd8c1e13e6625ce50a015cb1333b710b6deeda895909e46c3cff8e52b832463103b81b56c0e4781a3982e4185a9c9eac
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- AgentTesla Payload
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext