General
-
Target
82656002fa0a300c1c6dda10d09163a0437d2fcb105b393f0eb9840d6fb056f9
-
Size
591KB
-
Sample
220521-ajcf1adbhl
-
MD5
8868a985145b40c243230722cbe5b458
-
SHA1
fd77155b9f38d53a56f20c9f71a83f4dbac03f01
-
SHA256
82656002fa0a300c1c6dda10d09163a0437d2fcb105b393f0eb9840d6fb056f9
-
SHA512
9e5717074239276bd8d68c79f3f8aad24939238956a6e7670dfeec59fa1a308ad8c2cd92b94ffb11e4c7634e4271e8a54fd39764392764237e412c71a0911d99
Static task
static1
Behavioral task
behavioral1
Sample
Payment Slip.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Payment Slip.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Prince11
Targets
-
-
Target
Payment Slip.exe
-
Size
758KB
-
MD5
122e2b7c8be6969c167766ec93c25362
-
SHA1
332ad5ba800c28f51947f61756ae038d990cf639
-
SHA256
6200afd2e5392b6cd25293e243c1f8807ad920e2c82cae8ddcf7f631edcea0c4
-
SHA512
99808ec37cac9d2e395161ee00c311afa5fa825f85567dd59e739975215b88691bcc6c868a5db37b065009f40d61d35124dca4b08f43cce55eeee3428934b977
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-