General
Target: 9fe4c8e3a59c6b1d73b96a985fd393e23c061293e21a8c544dd8235e2bfc1e19
Size: 461KB
Sample: 220521-abr7gscgfq
MD5: 1648bdbc0d61b58375765a17604b9396
SHA1: 70525e3069b0601c9502141401dfc6fc293ab405
SHA256: 9fe4c8e3a59c6b1d73b96a985fd393e23c061293e21a8c544dd8235e2bfc1e19
SHA512: 02f517c2d942abd791832d9c707e8582d9be404348c53be1ca3aed9d0c0d29db6bbc953e9a3c1ab5bd988038ad44ead05d11f874ab661861a383143f0a912e96
Static task: static1
Behavioral task: behavioral1
Sample: Payment transferred.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment transferred.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: chikaaka1
Targets
Target: Payment transferred.exe
Size: 715KB
MD5: 6271ffcd897f67848638457e7e441d2a
SHA1: feb35a8783c1cd4f87cd7d2d56c0e824f1f13585
SHA256: 0db13e60f1c6a3901537f7886e2bad1ba757af7dda49ed5ad4fdb349a548ace6
SHA512: a6e0f6107f1bf18b6c14927541792547b8832616c58e7cb6b6eba28d2c62c47c7f121c5ceed069e56ddb95f52e8748995da32950ab7672faec97fa0e23115e5f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext