General
Target: b685c8e356a07606e23b77007689360a1e881e701ebd52ede718fae2bb480457
Size: 432KB
Sample: 220520-2ah1zaaahp
MD5: 8a8f26df40a837c16753e2bfd57ed1d0
SHA1: 7dc3a81dbdec71819ea41f7a36862e38178caa8a
SHA256: b685c8e356a07606e23b77007689360a1e881e701ebd52ede718fae2bb480457
SHA512: f3dd383655f8914977967d4dfbc76283949ce5920daec7f0b0b2cdf22c1c55052226bd7a9a81662bc2c8209835d4ff1647ea9dec929ec00251e7fee7fd86029f
Static task: static1
Behavioral task: behavioral1
  Sample: PROOF OF PAYMENT.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PROOF OF PAYMENT.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.ru
  Port: 587
  Username: [email protected]
  Password: kateojo11
Targets
Target: PROOF OF PAYMENT.exe
Size: 519KB
MD5: bc148c6c959e683bdb35eb8082de1348
SHA1: d6112abc878ef884111e8cb2c3bd08a16c86e7f0
SHA256: 169841b0663caf89087ba42112cd8a2ce6f7ef0fa0da0a7124e74547031cc362
SHA512: 641668dda8a5fa08a6dce837cae8781dd232b65966cdef0bffa1b845db41cce4cb3fe5357aad144cfd32cc2c12ffd45c03504586839d4dbbf0646ac10c07af5d
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext