General
-
Target
403c6000e18a07af09302916198f8c5a97026be5e617a447e58d5bd685e84456
-
Size
378KB
-
Sample
220521-b19cqsfhem
-
MD5
c5642605864ee7d374e8ff78ee23a6a2
-
SHA1
56c447247e1ea2d95c0f3e6c83f444f7195e1660
-
SHA256
403c6000e18a07af09302916198f8c5a97026be5e617a447e58d5bd685e84456
-
SHA512
a9667e20c1939a54e2753d65c7a0cb073e93be22df8d92ca3a70d2b6ad8d7af83d6f1e2eb9fc8b124bea1496d89b76df7785d8dd6739e775c54f83717e89c713
Static task
static1
Behavioral task
behavioral1
Sample
pymt receipt 001.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
pymt receipt 001.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: 7*noaCk_l6G+
Targets
-
Target
pymt receipt 001.exe
-
Size
461KB
-
MD5
6ac28e32390868adb3399e5332e77a2d
-
SHA1
73b73cf43572e1b416ee6f610a24e035e6574ec0
-
SHA256
3f9bad2b998ec7429ea897361105af0a53f30bcc3535fd6af5abc65387899552
-
SHA512
846cc7c9135630523fdff2ef2eb638bbd52cf30cf3c9b79ec462572b655d501186453ca9b8f9bfc7bec033534da1a15ee7a47a472ce495e667ba61eb9ffd83f7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-