General
- Target: 3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf
- Size: 467KB
- Sample: 220520-2kfctsfeb4
- MD5: ee3228ed165179f3cee0e597724e6c54
- SHA1: 788747cda08ba8aaeaefc43d6aa237960e0ca539
- SHA256: 3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf
- SHA512: 3ec66e264578047c18d403174d59112d0f03a81c9d13a8491e5f700698984d03c6d7f0231eb58a19eb28da497de53e8cd8895618099d624ba9fb8df3497e3e56
Static task: static1
Behavioral task: behavioral1
- Sample: PROOF OF PAYMENT.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: PROOF OF PAYMENT.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: payment123
Targets
- Target: PROOF OF PAYMENT.exe
- Size: 555KB
- MD5: 89f884a7f504cdb9981f40e84f67a874
- SHA1: 8903e0aa1959cc486f3950d99dac80fe23527c52
- SHA256: 2119e2edacd5fd8a85697a8f271f328c2337ce04fb86d9aa6c38007bf78a0ce4
- SHA512: 532192980bb97a86acdf5be5b45fe22c233635a4a3979673b8bfec644de13a0341594b9553c3867f66c2c5f85e89ccd7b89be7788f0ba3a787c0bc9a5ed6a590
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext