General
Target: 290debdcb25adee07d0803d8820e567157d54f628a4fe7872f5abc3f100810f5
Size: 259KB
Sample: 220521-bbyvpsefgr
MD5: a2974064884456c078b5a1664225f814
SHA1: 39a644934f81151cf5db4e5ad76c6926466dc25e
SHA256: 290debdcb25adee07d0803d8820e567157d54f628a4fe7872f5abc3f100810f5
SHA512: e3080fecd025d44905a6e1369ff08a0ba52ba12c50fa9865e93bdca5873f5908cbc7c6c876e5d4fbf7f4fb00bcb618a4e82d3164420494bfdeefc615b3318682
Static task: static1
Behavioral task: behavioral1
Sample: Payment details.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Payment details.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: premium49.web-hosting.com
Port: 587
Username: [email protected]
Password: H?fFFOdqJ%lb
Targets
Target: Payment details.exe
Size: 289KB
MD5: afa9dd89b39ce8da893ab7f732bb7509
SHA1: d49c45bf0dd3505ee21eeed4e3aa428e6dcd1a87
SHA256: bf43ce90405a06cd50af226c1192ac72ecea7d1381889d3878e322b2e4744859
SHA512: 4b7bbba014879e54ca3aeaca1972abf6aefec72067a195eecc03041351d3558840302f798dcce59448aeecb31ec9fbff7fca305aa24ea1d7d4315be8ae66317b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext