General
Target: f85bc67aaab2bde84506eaa31bd55bcc32e03f1a4a5d53cf983f6dceedc47d8c
Size: 385KB
Sample: 220520-3jg1psbhen
MD5: a3126bee12ebfdfe7c663e74cbe329e5
SHA1: 52491b9dd6352cd018459a1b88e43e0e322db46d
SHA256: f85bc67aaab2bde84506eaa31bd55bcc32e03f1a4a5d53cf983f6dceedc47d8c
SHA512: 0a94c495a99c29607e4949d85eab9c580834a25a37506ca4e585565d004ec7153742c7c2276f249618d723cdd8fafee81b1d1f3b48d8a0586f2e261e82a5a341
Static task: static1
Behavioral task: behavioral1
Sample: pending payment_june 2020_xls.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: pending payment_june 2020_xls.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.moorefundz.com
Port: 587
Username: [email protected]
Password: g7g2Ig?Aeh_+
Targets
Target: pending payment_june 2020_xls.exe
Size: 551KB
MD5: c865a9e228c050583bd7026cab6986e5
SHA1: 24cd71ab522cd3db6057fa2ceb77e8a5f373f679
SHA256: eccb7dad3a4bff889e8f54ab9dd8603443cb62ffba05140d5cdaedb057e1486b
SHA512: 79e57f16aebcedaae439511a27e46101ceae415c3fb9b418565b1446118cd2cbb2b8b14e2c87c503a61ced21b34c3acd4b529e536d2ff7efdd8a7ec2567ca7d8
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext