General
-
Target
78ebcbeb0a00ac427ce65091f345f451857c9cedb8fe1402ddebbdeac4277cb3
-
Size
646KB
-
Sample
220521-aljyvsadd9
-
MD5
ae90a63ba6bab9a0b1e4b072d243db76
-
SHA1
627d7e89022a0591227c21db8b4c316caad0d02c
-
SHA256
78ebcbeb0a00ac427ce65091f345f451857c9cedb8fe1402ddebbdeac4277cb3
-
SHA512
6eddea9acd4584815d86d59032dd84139cf71976498233ea13e62273c593f1c070635d337113cbc0bf1e7759b19e72c7bafbba63df3311e7bcf383877783ca89
Static task
static1
Behavioral task
behavioral1
Sample
Payment Advice.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Payment Advice.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: Blessing123
Extracted
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: Blessing123
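The extracted configuration above, turned into a structured record and then used as a detection input. This is an added example, not part of the sandbox report: it parses the flattened "Key: value - Key: value" text exactly as the page renders it (the obfuscated username is carried through unchanged), and matches the resulting host/port against constructed Sysmon Event ID 3-style network events. The event records, process paths and the list of legitimate mail clients are assumptions for illustration.

```python
import re
from dataclasses import dataclass

# Extracted-config text as it appears on the report page, including the line
# breaks the page layout inserted. The address is obfuscated on the page, so it
# is kept as "[email protected]" rather than guessed.
RAW_CONFIG = (
    "Protocol: smtp- Host:\nsmtp.yandex.ru - Port:\n587 - Username:\n"
    "[email protected] - Password:\nBlessing123"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_triage_config(text: str) -> SmtpExfilConfig:
    """Parse the flattened 'Key: value - Key: value' layout into a record."""
    flat = " ".join(text.split())  # collapse the line breaks the page inserted
    fields = {}
    # "Protocol: smtp- Host:" has no space before its dash, so the separator is
    # "-" followed by whitespace and the next "Key:" token, or end of string.
    for key, value in re.findall(r"(\w+):\s*(.*?)\s*(?:-\s+(?=\w+:)|$)", flat):
        fields[key.lower()] = value
    return SmtpExfilConfig(
        protocol=fields["protocol"],
        host=fields["host"],
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed network-connection events (not from the report), shaped like
# Sysmon Event ID 3: which image opened a connection to which host and port.
NETWORK_EVENTS = [
    {"Image": r"C:\Users\victim\Downloads\Payment Advice.exe",
     "DestinationHostname": "smtp.yandex.ru", "DestinationPort": 587},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.yandex.ru", "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "ctldl.windowsupdate.com", "DestinationPort": 80},
]

# Assumed allow-list: processes for which submission-port SMTP is expected.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def flag_exfil(events, cfg: SmtpExfilConfig) -> list:
    """Return images that talk to the config's SMTP endpoint but are not mail clients.

    Agent Tesla sends its loot from the infected (or hollowed) process itself,
    so a non-mail-client image reaching the configured host:port is the
    network-side indicator worth alerting on.
    """
    hits = []
    for ev in events:
        image = ev["Image"]
        proc = image.rsplit("\\", 1)[-1].lower()
        if (ev["DestinationHostname"].lower() == cfg.host.lower()
                and ev["DestinationPort"] == cfg.port
                and proc not in MAIL_CLIENTS):
            hits.append(image)
    return hits


if __name__ == "__main__":
    cfg = parse_triage_config(RAW_CONFIG)
    print(cfg)
    print(flag_exfil(NETWORK_EVENTS, cfg))
```

The parsed record is also what you would hand to the mail provider's abuse desk: the mailbox and password in the config are the attacker's drop account, and every infected host posts to it.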
Targets
-
-
Target
Payment Advice.exe
-
Size
683KB
-
MD5
77ec82787ea4c7f29ba92d5964f995a0
-
SHA1
e23d1db3e9a33c462379784b613ad8501d1542d3
-
SHA256
64504fc175c04466af0bedfabfdc045bf59cf46e144586cee4e4d1a91ffef5e2
-
SHA512
5b587a3ba52313430f897f0b68d4823399c0d7a603a91df1f7d45faf4846ce405d5b858e43591aa27cf8bec874250d8235da9cdbd58d2d8a537d8c60baa396aa
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the extracted config above shows this sample exfiltrating its loot over SMTP.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (the registry profile store that holds saved mail account settings and credentials)
-
Suspicious use of SetThreadContext (a process hollowing / RunPE indicator: a suspended process has its thread context rewritten to a new entry point before it is resumed)
-
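The two behavioral signatures above, as an added example that is not part of the report and not Triage's own signature logic: a small per-process state machine run over a constructed sandbox API-call trace. The trace, PIDs, handles and arguments are invented for illustration. The hollowing sequence it matches (CreateProcess with CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread in the same process) is the classic RunPE pattern this signature is normally raised on; a SetThreadContext with no suspended child behind it, as in the second process below, is deliberately not flagged. The Outlook profile key paths are the ones Outlook itself uses.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

SIG_SETTHREADCONTEXT = "Suspicious use of SetThreadContext"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"

# Calls that must appear in this order, from one process, to count as hollowing.
HOLLOWING_SEQUENCE = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Outlook profile stores: modern Office (Office\<ver>\Outlook\Profiles) and the
# older Windows Messaging Subsystem location used by earlier Outlook versions.
OUTLOOK_PROFILE_KEYS = re.compile(
    r"(\\Outlook\\Profiles|Windows Messaging Subsystem\\Profiles)", re.IGNORECASE
)

# Constructed API trace (not from the report): (pid, api, arguments).
# PID 1200 plays the sample; PID 1840 is an unrelated process that happens to
# call SetThreadContext without ever creating a suspended process.
API_TRACE = [
    (1200, "CreateProcessW", {"lpApplicationName": r"C:\Users\victim\Downloads\Payment Advice.exe",
                              "dwCreationFlags": CREATE_SUSPENDED}),
    (1200, "NtUnmapViewOfSection", {"ProcessHandle": 0x2A4}),
    (1200, "VirtualAllocEx", {"ProcessHandle": 0x2A4, "flProtect": 0x40}),
    (1200, "WriteProcessMemory", {"ProcessHandle": 0x2A4, "nSize": 0x9E000}),
    (1200, "SetThreadContext", {"ThreadHandle": 0x2A8}),
    (1200, "ResumeThread", {"ThreadHandle": 0x2A8}),
    (1200, "RegOpenKeyExW", {"hKey": "HKEY_CURRENT_USER",
                             "lpSubKey": r"Software\Microsoft\Office\16.0\Outlook\Profiles"}),
    (1840, "RegOpenKeyExW", {"hKey": "HKEY_LOCAL_MACHINE",
                             "lpSubKey": r"Software\Microsoft\Windows\CurrentVersion\Run"}),
    (1840, "SetThreadContext", {"ThreadHandle": 0x1C4}),
]


def detect(trace) -> dict:
    """Map pid -> set of signature names raised by that process's calls."""
    sigs = defaultdict(set)
    stage = defaultdict(int)  # per pid: how far through HOLLOWING_SEQUENCE it has got
    for pid, api, args in trace:
        base = re.sub(r"[AW]$", "", api)  # CreateProcessW -> CreateProcess, etc.

        # Hollowing state machine. The first step only counts when the child is
        # created suspended; after that each expected call advances the stage.
        if stage[pid] < len(HOLLOWING_SEQUENCE) and base == HOLLOWING_SEQUENCE[stage[pid]]:
            if base != "CreateProcess" or args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                stage[pid] += 1
                if stage[pid] == len(HOLLOWING_SEQUENCE):
                    sigs[pid].add(SIG_SETTHREADCONTEXT)

        # Outlook profile access: any registry open/query under a profile store.
        if base in ("RegOpenKeyEx", "RegQueryValueEx") and OUTLOOK_PROFILE_KEYS.search(
                args.get("lpSubKey", "")):
            sigs[pid].add(SIG_OUTLOOK)
    return dict(sigs)


if __name__ == "__main__":
    for pid, names in detect(API_TRACE).items():
        print(pid, sorted(names))
```

Requiring the suspended CreateProcess before SetThreadContext is what keeps debuggers and legitimate thread-manipulating software out of the alert; a rule that fires on SetThreadContext alone is noisy.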