General
Target: fd565413e45099e35bd06f454d409680233829eb5ac98824226bdf1d2cf3345d
Size: 1.2MB
Sample: 220521-b74e3agdgj
MD5: 6fd689af8b78ff41fefbaf14e6d7f224
SHA1: c3f00f9d5af1d2229e9364d587d144054124175a
SHA256: fd565413e45099e35bd06f454d409680233829eb5ac98824226bdf1d2cf3345d
SHA512: 0c51e920ea844e9bebc802713933b7c9ce2d279e081eb362a8665df9cd1c995789d1cecb2866fb54f10241ea327b3e6625dcb7ec2278846c354aa6451b71236a
Static task: static1
Behavioral task: behavioral1
  Sample: PAYMENTR.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: PAYMENTR.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.oltec.com.sg
Port: 587
Username: jden@oltec.com.sg
Password: jden008989@$
Targets
Target: PAYMENTR.EXE
Size: 482KB
MD5: 58b212d8fd89cd54104754fe0b9d26ad
SHA1: 2406e24eaf9f6711813ff12ff85ed51bb299ef4c
SHA256: e9c5a3a5b00b7cccf4bb4f57ed7aed786d326ed8670bb4b7858d800a7d481148
SHA512: 85f873175f1afcf27f641e54d18bddd36e184d0868eb3b1cbe0788200097b49f23e7da4089d7696f56a03ca6ce66d3366ad517d5a707b51692c024e75d235cb4
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext