General
Target: ce20ed1addaacee45455d1860e4db0147df147db101397595847be0bbf034ba8
Size: 472KB
Sample: 220520-3sv9pacchq
MD5: 9cfef83d9fe5e5a6698095c9587fdb60
SHA1: 275844ff56fd005d16a68f6ffda40763b66ab09d
SHA256: ce20ed1addaacee45455d1860e4db0147df147db101397595847be0bbf034ba8
SHA512: 2f369be63aed01f3b9a89cee44087ba62ba91b659e2af084a279cd15b3dfe7c44eed0a8385916a080a3ba90b4fddd5ee808af0529cd3eb41b07f3aaafa440a7c
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Advice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment Advice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.rezuit.pro
Port: 587
Username: [email protected]
Password: FHh@IY!6
Targets
Target: Payment Advice.exe
Size: 583KB
MD5: 7756e27c0e1bf3a7570dc64d25f7b2b2
SHA1: c7310dbaf416667d9bcd2ea3223e76abbc1223f7
SHA256: 00318700fdcaaec780be04e2902af39ef9864e977db257eec6c8d3792d7aa085
SHA512: 558ec71918509504948c2c0ab6ae3eeb13f5b8321579a75ac2bb825b7821edcb94e7b0afab0cbc7e190b07c5c37c7f58ab4d61ad287e9134c1ccd36e57fc307c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext