General
Target: 69de4a990741cf267cace9ea8e8fbedd1196557f16e229e628399b570e420490
Size: 1.2MB
Sample: 220520-29nqhagea3
MD5: f2731acedd2dd7d4ad4fec19063bb8fe
SHA1: 72b0646231d5ab33e1edd484ea180615f59464f7
SHA256: 69de4a990741cf267cace9ea8e8fbedd1196557f16e229e628399b570e420490
SHA512: dad0b5fb88a8c045e0ad917b6a83012cf935c85af46d7a61c60f84767590db699497ed9664f1cfb2fe5f3a5d68aaec5052491e3b2f1052f98f7b4c40ea1bfc57
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENT0.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PAYMENT0.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: webcontrolledio.com
Port: 587
Username: [email protected]
Password: _ksy.gR+e7d2T93K
Targets
Target: PAYMENT0.EXE
Size: 654KB
MD5: cbd69894db7ba18e8f7086c348af69f7
SHA1: 0b694c49229e0328289a78b11f0673ecf8ff5caf
SHA256: c7d982583e1af504552a440935e70c93182e33850c5744c1691a7920a578086b
SHA512: 9c667e1de3beb5f85972865bc5aa734bf7e9266cf0febb97e2325af0d50242f29a93c8330a81db32e20fbea74ff9f79b2d0279d41d0d62ac76c6a7fb2a070660
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext