General
-
Target
d3f412827de9746af6ee41fd134ab53734ce666f9786fec6020e73090b39d3fb
-
Size
576KB
-
Sample
220521-bnjljscbe8
-
MD5
2cac34bf135e08bb284110c17405bff9
-
SHA1
47bbcb3a5e3b08344824e2c68a653f8ec8734ae5
-
SHA256
d3f412827de9746af6ee41fd134ab53734ce666f9786fec6020e73090b39d3fb
-
SHA512
423bbc010bc6cb13a2ed2be9452c200743ece18a928aabeb5e93eddc8feedd457926b6052fbd76047be8a77268640f57de07344f92b6a14d311e9f808f21a6e0
Static task
static1
Behavioral task
behavioral1
Sample
REMITANCE ADVICE.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
REMITANCE ADVICE.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: [email protected]
Password: mailppt2019
Targets
-
Target
REMITANCE ADVICE.exe
-
Size
719KB
-
MD5
de64989943967579858fe30c6c10e969
-
SHA1
00a162896289a64b0488d9a46bb7888bac5b7a0f
-
SHA256
0eb506623215bfd28e3f1b9f7f34b0fc254b0a2fe8a91f5cd0a62f26bd739169
-
SHA512
0df8a190958bdb15d0b000541ea31f4bcc5f1e7bb85cbe129d9438d763e5e8c9d056e4a32f33e7a42891fe1b0589e40588783a3d5ae6585057f1fbae232c42a1
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext