General
Target: efc0eeca100e9825ad16c2748b547b4e09ae42acb725a285d8ae4b8fac58b5ae
Size: 418KB
Sample: 220520-3bdy3sgeg7
MD5: adb7f1b050ff60dde14bb2c971ee22b4
SHA1: 18d72416484287cc78c785e9aad7fedcfcadaa98
SHA256: efc0eeca100e9825ad16c2748b547b4e09ae42acb725a285d8ae4b8fac58b5ae
SHA512: 7418ba4adf78d97b07479b14aee5560a9e7d6e2b0deb7942c75fa3e81f4f066e4df66544d7de769453d7315f1d87674accdaeeced178702a038df75e9496bb85
Static task: static1
Behavioral task: behavioral1
Sample: wire payment.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: wire payment.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.transfastc.com
Port: 587
Username: [email protected]
Password: Godalone147
Targets
Target: wire payment.exe
Size: 520KB
MD5: 7db674d183d49e66982dde6217ae2213
SHA1: 28fad354b7d8dca874b49c68616401562075009f
SHA256: 91e478af0d259a398a1f018da401190e09bb38ee5c15647f4c97a35c43d9800c
SHA512: 5241e51a9094bc1f0b12b54692cf56bb258218e88af7124b6e97c4f507b8bcee00ff9ca84335a76f285a06fabbbe4450248079b0710fb478bd30090033a22be0
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext