General
Target: 3240f44bcafec1f5f6ad81f9b3f34143b58c1160d124054c627f03166bf26104
Size: 946KB
Sample: 220521-m9bzdagddr
MD5: 76955742a1ec93be1612839eef1f8731
SHA1: 095b37037ebc39f267b2422cb3ed284c5f715465
SHA256: 3240f44bcafec1f5f6ad81f9b3f34143b58c1160d124054c627f03166bf26104
SHA512: 8b236045b2f6119f4bede2d027241326da7086cb49dad8d2f63d5e7166e80d53a7c54e9e44fc4688bb792a7362c81c0b827f3294106c705448a6484ba15234c3
Static task: static1
Behavioral task: behavioral1
  Sample: Payment_Advise.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment_Advise.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.slmmoworldfood.com
Port: 587
Username: socarfunds2@slmmoworldfood.com
Password: Starghost@1011
Targets
Target: Payment_Advise.exe
Size: 1.3MB
MD5: 35ba2f1359c8ff10a5e81a3bfdf0700a
SHA1: 4d54f2dedc27042ce5902d86121fa76b276fecf1
SHA256: b7c73253efc4d93712eab9dbfb67d98c2f23b03858682e01e88f489ade8ab971
SHA512: 25cc02cf32635bb9d9d4b3f3fb0532d86e01b2f0f4b5bb7ef73fe37d291e156ed328f0211e6bb07709a3026437d8cb49a1b44be55179e62559d7954f9d2f626b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext