General
Target: c4bc735e483c455cfa6925262c67671e7fa9720c0166aa26881ed4697ed0218b
Size: 525KB
Sample: 220520-3vbytsheg3
MD5: d30ea30b2725d62ef5aeca2a55c767e8
SHA1: 734a4e667399330722fffa65f014779b885f2470
SHA256: c4bc735e483c455cfa6925262c67671e7fa9720c0166aa26881ed4697ed0218b
SHA512: 783c6409ce28d2fe840360e6bace1b2a50266362f85d436de33bab9cb560284fe5efb5eb6a7bed441a35bb97238d032b01fa55ba5695671fbbb68cd7979de322
Static task: static1

Behavioral task: behavioral1
Sample: Remittance copy.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Remittance copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.jascf.org
Port: 587
Username: [email protected]
Password: v4Sh@2P$keSd
Targets
Target: Remittance copy.exe
Size: 729KB
MD5: c86e1314d84055040470216e546648df
SHA1: 575a0bd92de0286999ad125f4e32acfe0e19a834
SHA256: 51031d05083e587fa113208a5de4c7f7c0bd4f6ee385bdfee92c63786f7d7e88
SHA512: 0a27c34593318a460f31f568e3ef9739f6778884720d8ac65b623db8bcf1df2f28d16ae52af2deb3109a7a943222dcf704ceaeffd1a7e15165651a96fa7d2f5f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext