General
-
Target
Caixa Geral de Depositos_Copia de pagamento_pdf.exe
-
Size
27KB
-
Sample
211202-tcesbsdcg8
-
MD5
ed3366cb849f6d62bb381e66d96b42ff
-
SHA1
41dd0051e764c1d2bf820b753c41f249fd25ba8a
-
SHA256
13f1dfeffed355ec22cb812a98ae895fa0ac4f5e83f9ff5598649b3933f0d53e
-
SHA512
6423e833a759a989a6d23ee03d244771d05c2a292ecb420e5b641ec047fa33fec2ba7e96d909474689480804298baa3d54f554f4e11954b742cd6c10dda7feec
Static task
static1
Behavioral task
behavioral1
Sample
Caixa Geral de Depositos_Copia de pagamento_pdf.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
Caixa Geral de Depositos_Copia de pagamento_pdf.exe
Resource
win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.ingeniumhea.com
Port: 587
Username: mantenimiento@ingeniumhea.com
Password: IngeniumM18
Targets
-
Target
Caixa Geral de Depositos_Copia de pagamento_pdf.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-