General
Target: 2facb653255485efd305d56f80615d88586b544e506a53159e3fe6e23c718a0b
Size: 388KB
Sample: 220521-b2d8zscha4
MD5: c12c8e0ab1e56d1a0755da936f7a5d38
SHA1: 5e870bbe6b86f9bdcd7d30fe2d49509f53943639
SHA256: 2facb653255485efd305d56f80615d88586b544e506a53159e3fe6e23c718a0b
SHA512: d14502a87b3b53b8d5934d2ac1b6f648c1ba019751b81993fcf628a2e0b054049998332bc19698a6b5d686294e1bff7e906b271cd57fb30bfc31ec0e61099dd1
Static task: static1
Behavioral task: behavioral1
Sample: Payment Advice MT103.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment Advice MT103.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: smart123456smart
Targets
Target: Payment Advice MT103.exe
Size: 471KB
MD5: 89d60b6144c530fb18bc2e6d5efeba61
SHA1: 9afbe98efdc9a4c3aa6023edafddfb1473d93681
SHA256: a4c7a4ecef53c62c75818dbb273af060ee50e7f519fd7abd4d33445a5dbe17ce
SHA512: 1274b8d24bad1455aad096f83ffd80fcc7e3d3b18524447c8ff7eac0b75ff38000fa7c57967eac8ad73b4112219134dc6fd4ed2f0393ca6b21f26965ef610628
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext