General
Target: Overdue outstanding payment.exe
Size: 529KB
Sample: 211203-tfpfyahaak
MD5: 531e86d55ddb922cd268147ac004f604
SHA1: ea2dc2bf2a84d3f0aae358a0951e962ee8418f82
SHA256: d34b4cfc530b91d44ba82a15cdb948e4424e30ee57245f4792c8303d202df173
SHA512: c58a1a1c5af776464473bd66a1e0f04ebcc749bf2a3b0c346ab6b3c64aac59c28f31a1b45d4c739edc8e578c2055a757c498b20a0f674eef7ea3369e9382934b
Static task: static1
Behavioral task: behavioral1
  Sample: Overdue outstanding payment.exe
  Resource: win7-en-20211014
Behavioral task: behavioral2
  Sample: Overdue outstanding payment.exe
  Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot2129831935:AAFsDWWUF1IwkP0mys1D0YX41mjPAs-L-eU/sendDocument
Targets
Target: Overdue outstanding payment.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext