General

Target: 7ae1f0e89676aef0ef50d46632884fc0802acd52d16a1385d7705a3c6234ba9a
Size: 374KB
Sample: 220520-3f1cwagha3
MD5: 970fab2b3feef01c7a9fa0099466dd20
SHA1: f4098e5a8a578221d75c7052f0bf7dafe7bd5a2d
SHA256: 7ae1f0e89676aef0ef50d46632884fc0802acd52d16a1385d7705a3c6234ba9a
SHA512: 57d9edcaadf3be0b914d3fc7e9785e49a3ab74b9832ba477dbaac9f2929e1a5803960c9c33dffca190dfd48947420d90b9cff8e6a55a658ef60b140536ce58f4
Static task: static1

Behavioral task: behavioral1
Sample: paymentslip_PDF.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: paymentslip_PDF.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.linxons.com
Port: 587
Username: [email protected]
Password: uk)e(tM8
Targets

Target: paymentslip_PDF.exe
Size: 557KB
MD5: 4c30bb1280bfa889635bee28a5f7b656
SHA1: 3eaad24b7751bba0761c1ba2bb44357d304f5a69
SHA256: 120cdf50d845fe285f219565995bd3a89077baa57202511d6d11eb5d059b08d7
SHA512: a875f7c664761b3e9951cea017d341d89c3a9dd642eaac609619bbac815b18c7cea8ad54374da533df69e3dbbcf251b7b219bbc94f709acc6fcecc68bc5328f2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext