General
Target: 12882b54a8dda6cc782150be3a369aa64354a0c4dc4d4ba0bedf74660302126b
Size: 489KB
Sample: 220521-bcajhaegbj
MD5: 7adf436869a0154e6f477057d56d55b6
SHA1: b586097de02616a86c960ccc794fda6a7459597f
SHA256: 12882b54a8dda6cc782150be3a369aa64354a0c4dc4d4ba0bedf74660302126b
SHA512: 9f2530610928feff261fe362715378269ecbaec9c985b99e54652dbb19914aea93f6a57ce0e7887277dbb566208e737be8aab33be00419d64cef65b77da6e8f4
Static task: static1
Behavioral task: behavioral1
  Sample: payment_copy.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: payment_copy.exe
  Resource: win10v2004-20220414-en
Malware Config (Extracted)
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: Blessed000@
Targets
Target: payment_copy.exe
Size: 863KB
MD5: 3e720d22703dca6b558d1eb8bd522d84
SHA1: 34377b298eaf020b635310e65b91ac729fa87972
SHA256: a98bc56a3689009619845fc3491c944ee12408cfe457e0a59fb2fae808c784f2
SHA512: 71a80305b6e4dbb625f951749de2a77980bcee1356b8ea558756ff687cbf1db50f82cea86879ef796fca09afb09dc8c27d47f9fd0e3c4446f44a6fba6cee9255
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles