General
Target: 001-Payment Copy_jpg.exe
Size: 138KB
Sample: 211022-vlvetacgem
MD5: e38c39929d384898ca31dce2025a5a5d
SHA1: d6cbaa65c555d812c8bb4fbd6b3cd96194c19e9d
SHA256: 071c2735b8c6d74c6a792f526a51c9cf33b736af9d5cb392ae36ed2d636b777c
SHA512: bbc9accf729faf4553568b45414fc7d6f0939d57effa6b2b310a20c64bf1ea884090bfeeccc2fb851e50c83b82fa23bf2ff92422ed675575ad6d475742df26cf
Static task: static1
Behavioral task: behavioral1 (Sample: 001-Payment Copy_jpg.exe; Resource: win7-en-20211014)
Behavioral task: behavioral2 (Sample: 001-Payment Copy_jpg.exe; Resource: win10-en-20210920)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: margaridasantos@tccinfaes.com
Password: TccBps1427log
These are SMTP submission credentials (port 587) hard-coded into the sample so it can mail harvested data to that mailbox. Treat the host, port and account as exfiltration indicators; the mailbox itself may be an operator-controlled or compromised third-party account.
Targets
Target: 001-Payment Copy_jpg.exe (138KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
AgentTesla
Agent Tesla is a .NET (Visual Basic) remote access tool (RAT) and information stealer that sends harvested credentials and keystrokes to an attacker-controlled endpoint; this build is configured to exfiltrate over SMTP (see Malware Config).
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
AgentTesla Payload
Downloads MZ/PE file (a further executable was retrieved during execution; the Suricata alert above is the network-side signature for an executable download of this kind)
Accesses Microsoft Outlook profiles (credential harvesting from stored mail accounts)
Suspicious use of SetThreadContext (consistent with process hollowing: the unpacked payload is written into a suspended process and the thread's context is redirected to it)
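As an added example (not part of the sandbox report or of any Agent Tesla tooling), the script below turns the extracted configuration and the file hashes above into a small IOC matcher: it parses the flattened "Key: value - Key: value" config block exactly as the page renders it, derives the SMTP exfiltration endpoint, matches constructed flow records against it, renders a Suricata DNS rule for the exfil host (an added rule, not one of the ET signatures that fired), and checks a file's digests against the report's. The flow-record schema (image, dst, dport), the rule SID and the sample bytes are assumptions made for illustration.

```python
"""Added example: IOC matcher built from the AgentTesla config and hashes in the
report above.  Flow records and file bytes are constructed, not from the sandbox."""
from __future__ import annotations

import hashlib
import re

# File hashes transcribed from the report.
SAMPLE_HASHES = {
    "md5": "e38c39929d384898ca31dce2025a5a5d",
    "sha1": "d6cbaa65c555d812c8bb4fbd6b3cd96194c19e9d",
    "sha256": "071c2735b8c6d74c6a792f526a51c9cf33b736af9d5cb392ae36ed2d636b777c",
}

# The "Extracted" block exactly as the page flattens it (fields joined by " - ").
RAW_CONFIG = """agenttesla
Protocol: smtp- Host:
mail.tccinfaes.com - Port:
587 - Username:
margaridasantos@tccinfaes.com - Password:
TccBps1427log"""


def parse_config(raw: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' block into a dict.

    The first line is the family name; the remainder is one run of fields
    separated by '-' plus whitespace before the next 'Key:' (extraction
    sometimes drops the space before the dash, as in 'smtp- Host:').
    """
    lines = raw.strip().splitlines()
    body = " ".join(line.strip() for line in lines[1:])
    cfg = {"family": lines[0].strip().lower()}
    for chunk in re.split(r"\s*-\s+(?=\w+:)", body):
        key, _, value = chunk.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def exfil_endpoint(cfg: dict) -> tuple[str, int]:
    """The mailbox host and port the sample was built to send harvested data to."""
    return cfg["host"].lower(), int(cfg["port"])


def match_flows(flows: list[dict], cfg: dict) -> list[dict]:
    """Return flow records that reach the configured exfil host on the configured
    port.  The record fields (image, dst, dport) are an assumed schema."""
    host, port = exfil_endpoint(cfg)
    return [f for f in flows if f["dst"].lower() == host and f["dport"] == port]


def suricata_dns_rule(cfg: dict, sid: int = 9000001) -> str:
    """Render a DNS-lookup alert for the exfil host using the Suricata 5+
    'dns.query' sticky buffer.  Added rule; not one of the ET signatures above."""
    host, _ = exfil_endpoint(cfg)
    return (
        f'alert dns any any -> any any (msg:"AgentTesla exfil host lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; sid:{sid}; rev:1;)'
    )


def hash_matches(data: bytes) -> dict[str, bool]:
    """Compare a file's digests with the report's.  All must agree for a confirmed
    match; a repacked build of the same stealer will differ on every one."""
    return {alg: hashlib.new(alg, data).hexdigest() == h
            for alg, h in SAMPLE_HASHES.items()}


# Constructed flow records (assumed schema), not taken from the report.
SAMPLE_FLOWS = [
    {"image": "001-Payment Copy_jpg.exe", "dst": "mail.tccinfaes.com", "dport": 587},
    {"image": "outlook.exe", "dst": "outlook.office365.com", "dport": 443},
    {"image": "001-Payment Copy_jpg.exe", "dst": "mail.tccinfaes.com", "dport": 25},
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print("exfil endpoint:", exfil_endpoint(cfg))
    for hit in match_flows(SAMPLE_FLOWS, cfg):
        print("flow hit:", hit)
    print(suricata_dns_rule(cfg))
    print("hash check on dummy bytes:", hash_matches(b"MZ not the sample"))
```

Only the flow on port 587 to mail.tccinfaes.com is reported; the port-25 record to the same host is deliberately left unmatched to show that the check is bound to the configured submission port, so a hunt should widen to the host alone if the sample is suspected of falling back to other ports. The DNS rule is preferred over a content match on the SMTP stream because the host name is what the sample resolves, whereas the SMTP dialogue may only carry the bare domain.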