General
Target: e027d468795ab5748de7bbb798ea33ddd356023120d17acee184a30488828188
Size: 542KB
Sample: 220520-3nwdwscbdl
MD5: cdd46c6d1eb69c12dcd68273820f5aa5
SHA1: 8034396de063ef661f7987dc122decfdf03019c2
SHA256: e027d468795ab5748de7bbb798ea33ddd356023120d17acee184a30488828188
SHA512: b62b05a522eef4281d8af8f1bb395068830b179f08a5b49931e6fcc4d8802d2dd278279b71859d7d0220fc8cb66a65f7741c9b478a1c15f724dae4ac3f03a5be

Static task: static1

Behavioral task: behavioral1
Sample: Remittance advice.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Remittance advice.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.epaindemgroup.com
Port: 587
Username: [email protected]
Password: }bf9e+EW5s$k

Targets
Target: Remittance advice.exe
Size: 702KB
MD5: 736d97bf30323f0b3384c41fe0ddbea8
SHA1: 17ef4b46c3ee13339897a723403c36da848358a9
SHA256: 6f2ed9ee33724651d7fb52edc4dbb3bfde3c19ca12cf5e990952d392305d1c20
SHA512: 12ccf84d6a933818cd600b6c0c7f3b91eb0198058c7c5eb90431694d39d5134cb760e74b50d3211dd202a7df93af2412222ad062e763f39e0891aa7b20965156
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext