General
Target: edf0562ed25e2cac70ae9a6a98002fb33871eb7a47d48cd7ba0b729a2dbf6c8b
Size: 409KB
Sample: 220520-3lgsqahba9
MD5: 1c0e9515a76d50a313fbd68c898eb073
SHA1: 7d1a27807a24a14b30245583870787ca37ea7655
SHA256: edf0562ed25e2cac70ae9a6a98002fb33871eb7a47d48cd7ba0b729a2dbf6c8b
SHA512: c61d5b9a5d77e64600068def2b854fd5f43fa1f32bb3cc22fe49a948a50a9ac13470c53223ed265caabd0db0f1223a8ee34016eb74be2e79c49d85fd8c0baab0
Static task: static1
Behavioral task: behavioral1
  Sample: payment slip pdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: payment slip pdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: lFAvm@p#@z92
Extracted
  Protocol: smtp
  Host: us2.smtp.mailhostbox.com
  Port: 587
  Username: [email protected]
  Password: lFAvm@p#@z92
Targets
Target: payment slip pdf.exe
Size: 576KB
MD5: 73446b4f7828240c2176f6dbac0db41e
SHA1: 17a9f153ab2ce844a8e2ef1f21b674fdc63f827a
SHA256: 9b8bfd519d8bbe5a7c285f61c73abef27b4e18a22076d036698ec943b5e61c01
SHA512: 0b34eb5d9a57d4f5de8988e7f0e3abf5a58235e8e5a895cbd88aa606661a9f8182ceb96881fd2aeb2652351ec26baf51acb4350a827b802e0635af66c61a7aad
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext