General
Target: Overdue outstanding payment.exe
Size: 486KB
Sample: 211201-try5hsgge2
MD5: 0179849255f244ff4d1fdcf80de11d62
SHA1: cc07af55096e438563a4282908eb072798632f4b
SHA256: d19374cec5e2690fd65801da1e3f7fdfad011ff4b8aac6c4352959355f0ca729
SHA512: 91ae3a2373dc4805a5b603a54af6574ef54a46c11e252acc9e1621009da3b1b10a62013ee6389c1e85e7e0f9e5f3d0be67b6c16b9e248fc8815c5c5937453685
Static task: static1
Behavioral task: behavioral1
  Sample: Overdue outstanding payment.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Overdue outstanding payment.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot2129831935:AAFsDWWUF1IwkP0mys1D0YX41mjPAs-L-eU/sendDocument
Targets
Target: Overdue outstanding payment.exe
Size: 486KB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext