General
Target: 366b6e66741da4270a90cfb5cdce5f62f768642d3addf9666673970f48bde0a2
Size: 507KB
Sample: 220521-bbqt4aeffq
MD5: 7b2cf80ee131e1a727ee59db62866000
SHA1: d0a8014e75cf650a6481865918e75f2fb350ad67
SHA256: 366b6e66741da4270a90cfb5cdce5f62f768642d3addf9666673970f48bde0a2
SHA512: 3ef24d112b5ba5e75bd304f2d816cd0be205e804d0ecf135ca3f70f6b70195992a908d5296c0d2100424104d4da27a3e524d0564ab3d82d4053e224304f4bb18
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Slip.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment Slip.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.puntomesa.com
Port: 587
Username: [email protected]
Password: }k}kebLYY75V
Targets
Target: Payment Slip.exe
Size: 546KB
MD5: cb6aca6228059b7dbb2b89c5937e8e1f
SHA1: 21e41b59c39476968c2259d7ce9089aa3a819a91
SHA256: cbf2153e97011d74d46c765fe0209f95d26671bd0f640322131f02895898e50a
SHA512: c28a59bfb238378cc4f32e087e3c866fba95ec97f6cd49c845b56e05e052df44eebc5cf4eae96aa1e453c7b5f853a215640faab03c59d389ab571a3b51c2282b
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext