General
- Target: 9cab48c42a443f01761dc30a3248c8ec757acd4df407df991ec2fedd70bba2d8
- Size: 414KB
- Sample: 220521-cxj44sefc4
- MD5: 0745c61b73a7b3bfc7125b2085eda9b2
- SHA1: 8872bf4c881d4da755e9478a749523088207e7d8
- SHA256: 9cab48c42a443f01761dc30a3248c8ec757acd4df407df991ec2fedd70bba2d8
- SHA512: bcd4e316b62541f05a23075822ea64906fd4dd2f6a12088f2217c73edbbe12a31015d4d3effca6e9b5ee1c7feb7e812a7d2341fa9b0c78840862523107f61995
Static task: static1
Behavioral task: behavioral1
- Sample: Facturas Pagadas al Vencimiento.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Facturas Pagadas al Vencimiento.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: kroskofile
Targets
- Target: Facturas Pagadas al Vencimiento.exe
- Size: 512KB
- MD5: d1c78423165fbff2c47ffa3d31680456
- SHA1: b41b78454e0441df4a3a87f62a896e0133d46063
- SHA256: ac979891a231a3af79a31a52663f77fe151bbbddee9b13750ea02e82f6aefd40
- SHA512: 27615dfd230a1ff47a8ebe9541fc886885178e5725d8a7b66f3169562cb99c88fb4076384761f9ef6f0d3f78bf4332cd8c66907efe3fc722eaf4a878e88adde9
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext