General
Target: 243098b9b9d19dae5e1842ddc9ed2e13d48bd23225a4046c6f18c64eb26de881
Size: 404KB
Sample: 220521-bb2xcsefhm
MD5: b4464b546ac2bf3294f11bc3b1940b63
SHA1: 9a7de7c95a0f58338530e9f45a21d207b6ac3b37
SHA256: 243098b9b9d19dae5e1842ddc9ed2e13d48bd23225a4046c6f18c64eb26de881
SHA512: 3ae8b98112fe9558e225586ac80ff8efb4c760b76a59c4587fd7d6367197e38b28364cf273f2d4e4dd70153c1091851483408346c9365bd592161374ebad1217
Static task: static1
Behavioral task: behavioral1
Sample: Payment Slip.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment Slip.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: esut96092
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: esut96092
Targets
Target: Payment Slip.exe
Size: 475KB
MD5: 7f3a99d47417a3066a9c5f323ada90e6
SHA1: 28f5a6940c7636f0e02a699faea14ab15e4ebc4e
SHA256: e0c95ef77637687f3346c2e65dd2a2e8f688ea3ba32d5150410ca30b5905c621
SHA512: 3091f37496bac32d8806a7ed887eb609f63347e1c7662209a2a6ad82ebf333cd83613b544d086378e722f4831af2cc63ed9af58ec0ae28c08e50f93dc0a3cf47
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext