General
Target: PAYMENT PROOF.exe
Size: 737KB
Sample: 211202-hn8c8scdfj
MD5: fdcbddac3d52773f6d1af78f53805169
SHA1: a6e4fbd6362f23c9ff160d2370023faec1c523c4
SHA256: 4952674eee9adeccc538811c244e3f90bb71b2bc249a1c4f0b36f93ca77f364a
SHA512: 6bc8b0522175d77c7297e4824e44cf9b95cc6add9b0f4acc0f16d58e44aede3390553d05469a5e15f33dd326ed0c44979c4b84e7e940c02180acd5712e20337e
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT PROOF.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: PAYMENT PROOF.exe
  Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.diva-italia.com
Port: 587
Username: [email protected]
Password: rr.@%5LjgLz7
Targets
Target: PAYMENT PROOF.exe (size and hashes as listed under General above)
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext