General
Target: Payment Advice.exe
Size: 269KB
Sample: 211203-rgpf8abgh2
MD5: 42c08daca71ce2bf1fcabb9d086ef74d
SHA1: c208ce6676726ac3640f5b8abb86694e5e2869bf
SHA256: 96a5aa93e408361cc695ac8e9cdc3535c64bfd88b9ab60535683ddc488289eda
SHA512: ea6ed2c0f5f5d92bb3cb7707e136c0f00d36fde3db0a96461a8a997e0c9796d23ad6af9279a7675c927f3ea13fc90f98a032080574284060e4dcee3107a9ccdb
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Advice.exe, Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: Payment Advice.exe, Resource: win10-en-20211014)
Malware Config
Extracted family: agenttesla
Protocol: smtp
Host: mail.croatiahunt.com
Port: 587
Username: [email protected] (mailbox name obfuscated on this page)
Password: VilaVrgade852
This is the stealer's exfiltration channel, not a command channel: the sample logs in to the configured SMTP server with these credentials and mails harvested data (saved credentials, keystrokes, screenshots) out of the victim host. The credentials belong to the attacker-controlled mailbox, so they are a network IOC rather than a victim account to reset; port 587 is the mail submission port, so expect a STARTTLS session, which means the host name (DNS, TLS SNI) is the durable indicator, not the mail content.
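The config block above, turned into something an analyst can act on, as an added example that is not part of the sandbox report: it parses the report's flattened "Key: value - Key: value" layout, matches the result against mail-gateway log records, and emits a Suricata DNS rule for the exfil host. The JSON log lines, the field names in them, the placeholder mailbox "ops@example.invalid" and the rule SID are all constructed for illustration; because the page obfuscates the real mailbox name, the matcher keys on host and port by default and only adds the mailbox checks when a usable username is supplied.

```python
"""Turn the SMTP config extracted from the AgentTesla sample into detection checks.

Added example, not part of the sandbox report. CONFIG_TEXT is the config block as the
report prints it; the log records, their field names and the DNS rule SID are
constructed for illustration.
"""
import dataclasses
import json
import re

# The config block exactly as the report prints it (line-wrapped "Key: value - Key: value").
CONFIG_TEXT = """Protocol: smtp- Host:
mail.croatiahunt.com - Port:
587 - Username:
[email protected] - Password:
VilaVrgade852"""

# The report page shows the mailbox name as this placeholder; treat it as unknown.
OBFUSCATED_USER = "[email protected]"

# Constructed mail-gateway log (JSON per line), not from the sandbox run. The mailbox
# "ops@example.invalid" is a placeholder standing in for the obfuscated real one.
SAMPLE_LOG = """\
{"ts": "2021-12-03T10:01:12Z", "src": "10.0.0.17", "dst_host": "smtp.office365.com", "dst_port": 587, "auth_user": "jane@corp.example", "mailfrom": "jane@corp.example", "rcptto": "bob@corp.example"}
{"ts": "2021-12-03T10:02:40Z", "src": "10.0.0.42", "dst_host": "mail.croatiahunt.com", "dst_port": 587, "auth_user": "ops@example.invalid", "mailfrom": "ops@example.invalid", "rcptto": "ops@example.invalid"}
{"ts": "2021-12-03T10:03:05Z", "src": "10.0.0.42", "dst_host": "MAIL.croatiahunt.com", "dst_port": 465, "auth_user": "", "mailfrom": "", "rcptto": ""}
"""


@dataclasses.dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse the report's flattened layout back into key/value pairs."""
    flat = " ".join(text.split())  # undo the line wrapping
    # A value runs up to the next "- Key:" separator (with or without a leading space) or end of text.
    pairs = dict(re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat))
    return SmtpExfilConfig(
        protocol=pairs["Protocol"].lower(),
        host=pairs["Host"].lower(),
        port=int(pairs["Port"]),
        username=pairs["Username"],
        password=pairs["Password"],
    )


def username_is_usable(cfg: SmtpExfilConfig) -> bool:
    """False when the username is the page's obfuscation placeholder (no '@' survives)."""
    return cfg.username != OBFUSCATED_USER and "@" in cfg.username


def with_username(cfg: SmtpExfilConfig, username: str) -> SmtpExfilConfig:
    """Copy of the config with the mailbox filled in once the analyst knows it."""
    return dataclasses.replace(cfg, username=username)


def match_smtp_log(cfg: SmtpExfilConfig, log_text: str) -> list:
    """Flag JSON-per-line SMTP records that talk to the configured exfil server."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("dst_host", "").lower() != cfg.host:
            continue
        reasons = ["destination host matches extracted AgentTesla SMTP config"]
        if int(rec.get("dst_port", 0)) == cfg.port:
            reasons.append(f"destination port {cfg.port} matches")
        if username_is_usable(cfg):
            for field in ("auth_user", "mailfrom", "rcptto"):
                if rec.get(field, "").lower() == cfg.username.lower():
                    reasons.append(f"{field} is the configured exfil mailbox")
        findings.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "severity": "high" if len(reasons) > 1 else "medium",
            "reasons": reasons,
        })
    return findings


def dns_rule(cfg: SmtpExfilConfig, sid: int) -> str:
    """Suricata rule that fires on a DNS lookup of the exfil host (dns.query sticky buffer)."""
    return (
        f'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host lookup {cfg.host}"; '
        f'dns.query; content:"{cfg.host}"; nocase; classtype:trojan-activity; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for finding in match_smtp_log(cfg, SAMPLE_LOG):
        print(finding)
    print(dns_rule(cfg, 1000001))
```

The host-only match is deliberately kept at "medium" for the third record: a workstation talking to the same server on 465 instead of 587 still deserves a look, but only the full host-plus-port (and, once known, mailbox) match is worth an automatic high-severity alert.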
Targets
Target: Payment Advice.exe (269KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); early builds were written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and takes screenshots, and sends the loot out over a configured channel, here the SMTP account listed under Malware Config.

Signatures
AgentTesla Payload: the sample matched the AgentTesla payload signature, which is also where the decoded configuration above comes from.
Accesses Microsoft Outlook profiles: the process reads the Outlook profile keys (HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles and the older HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles), where Outlook stores account settings and stored credentials. This is the stealer's mail-client credential harvesting; any process other than Outlook itself opening those keys is a worthwhile hunt on its own.
Suspicious use of SetThreadContext: SetThreadContext on a thread in another process is the tell-tale step of process hollowing (RunPE): spawn a process suspended, overwrite its image with the unpacked payload via WriteProcessMemory (often after NtUnmapViewOfSection), point the main thread's context at the new entry point, then ResumeThread. AgentTesla loaders routinely unpack this way; the report does not say which process this sample hollowed.
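Detection logic for the SetThreadContext verdict above, as an added example that is not part of the sandbox report: it walks an API trace and scores each cross-process SetThreadContext by whether the caller had earlier created that process suspended, unmapped its image and written into it. The trace lines are constructed in a generic "ts pid=... api=... key=value" layout (not Tria.ge's export format), the process IDs and addresses are made up, and the hollowed child's image name is left out because the report does not name it.

```python
"""Detect the process-hollowing (RunPE) call pattern behind a 'Suspicious use of
SetThreadContext' verdict from an API trace.

Added example, not part of the sandbox report. The trace lines are constructed in a
generic "ts pid=... api=... key=value" layout; PIDs, TIDs and addresses are made up.
"""
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
UNMAP_APIS = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
SETCTX_APIS = {"SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"}

# Constructed trace: one hollowing sequence (pid 2312 -> child 3180), one process that
# calls SetThreadContext on its own thread (4000), and one that spawns a suspended child
# and resumes it without writing to it (5000 -> 5100), as a benign launcher would.
SAMPLE_TRACE = """\
12:00:01.100 pid=2312 api=CreateProcessW dwCreationFlags=0x00000004 dwProcessId=3180 dwThreadId=3184
12:00:01.120 pid=2312 api=NtUnmapViewOfSection target_pid=3180 BaseAddress=0x00400000
12:00:01.140 pid=2312 api=WriteProcessMemory target_pid=3180 lpBaseAddress=0x00400000 nSize=0x2e000
12:00:01.150 pid=2312 api=WriteProcessMemory target_pid=3180 lpBaseAddress=0x7ffde008 nSize=0x4
12:00:01.160 pid=2312 api=SetThreadContext target_pid=3180 target_tid=3184 Eax=0x00404b10
12:00:01.170 pid=2312 api=ResumeThread target_pid=3180 target_tid=3184
12:00:02.000 pid=4000 api=SetThreadContext target_pid=4000 target_tid=4012 Eip=0x00401000
12:00:03.000 pid=5000 api=CreateProcessW dwCreationFlags=0x00000004 dwProcessId=5100 dwThreadId=5104
12:00:03.050 pid=5000 api=ResumeThread target_pid=5100 target_tid=5104
"""


def parse_trace(text):
    """Yield one dict per trace line: ts, pid (int), api, and the remaining key=value pairs as str."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *kv = line.split()
        ev = {"ts": ts}
        for item in kv:
            key, _, value = item.partition("=")
            ev[key] = value
        ev["pid"] = int(ev["pid"])
        yield ev


def detect_hollowing(trace_text):
    """Return one alert per cross-process SetThreadContext, scored by the steps seen before it."""
    children = {}  # (caller pid, child pid) -> what has been observed for that suspended child
    alerts = []
    for ev in parse_trace(trace_text):
        pid, api = ev["pid"], ev["api"]
        if api in CREATE_APIS:
            if int(ev.get("dwCreationFlags", "0"), 16) & CREATE_SUSPENDED:
                children[(pid, int(ev["dwProcessId"]))] = {"unmapped": False, "writes": 0}
        elif api in UNMAP_APIS:
            state = children.get((pid, int(ev["target_pid"])))
            if state is not None:
                state["unmapped"] = True
        elif api in WRITE_APIS:
            state = children.get((pid, int(ev["target_pid"])))
            if state is not None:
                state["writes"] += 1
        elif api in SETCTX_APIS:
            target = int(ev["target_pid"])
            if target == pid:
                continue  # own-process use (exception handling, debuggers, runtimes) is not hollowing
            state = children.get((pid, target))
            if state is None:
                confidence = "low"
                why = "cross-process SetThreadContext without an observed suspended create"
            elif state["writes"] == 0:
                confidence = "medium"
                why = "entry point redirected in a suspended child with no observed writes"
            else:
                confidence = "high"
                why = f"suspended create, {state['writes']} write(s)"
                if state["unmapped"]:
                    why += ", original image unmapped"
                why += ", then SetThreadContext"
            alerts.append({
                "ts": ev["ts"], "caller": pid, "target": target,
                "technique": "process hollowing (RunPE)",
                "confidence": confidence, "why": why,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_hollowing(SAMPLE_TRACE):
        print(alert)
```

Scoring on the whole sequence rather than on SetThreadContext alone is what keeps the self-targeted call from pid 4000 and the write-free launcher pid 5000 quiet; the same state machine extends naturally to the NtMapViewOfSection or transacted-file variants by treating those as the "write" step.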