General
Target: 77604552d9c830399f0a222341731296c9cc06226c0d343e080b19c5bea53cf2
Size: 548KB
Sample: 220521-alwmnaadf5
MD5: ef711398fa98c21391cba3e740846f88
SHA1: bb037d9af992dff089b05d5e9d7fd7e5613e67a6
SHA256: 77604552d9c830399f0a222341731296c9cc06226c0d343e080b19c5bea53cf2
SHA512: 5c2314885b81e3c4a134829f79258923e2c0c1115ffc2780b6eb4d8bc8341b8a88227d273b71aa9ca72b393f9174bda361db19797bdc38fc9236640b24a7086e
Static task: static1
Behavioral task: behavioral1
Sample: Payment Proof.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment Proof.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.taiemerica.com
Port: 587
Username: [email protected]
Password: JuCbr%o3
Targets
Target: Payment Proof.exe
Size: 698KB
MD5: 9abb6b056df5fd1948ed0008fa402705
SHA1: 5a6316760d1fc70edac6b78335ba08683e581090
SHA256: 23238fe2dfccd6e140916ab34d11a4b42b84f485e02c102c58b696a11bd3e453
SHA512: 2b91484958d25d05d9d13bad98fa8cd9d3e4847cb5a219718d5adce9068e510949fe28b56597534ae638a2925d04bf387b81aa98f0914b6b5806cf7a121440d1
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext