General
- Target: 096f3bb0acffadae7895343a2f64bd0bb2d848d262fbbf2fc59f5af9ac5f7152
- Size: 1.6MB
- Sample: 220521-m9r1ladcg4
- MD5: 32d35af7590d35b60beeb145e9139822
- SHA1: 87b9c0e3a054e6e963e361f72bc2a02f9ad2253f
- SHA256: 096f3bb0acffadae7895343a2f64bd0bb2d848d262fbbf2fc59f5af9ac5f7152
- SHA512: 304b834d587535a4545eb3e966dafc1a766bce24b8577c14e46e57c9f67224df85271bab1d56719ba5850037bffb74331b98a5926c658e3934dd5faaf726ad06
Static task: static1
Behavioral task: behavioral1
- Sample: Zahlung.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Zahlung.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.mse.com.cy/
- Port: 21
- Username: bugattimse@mse.com.cy
- Password: (tKJ.wvnN~5d
Targets
- Target: Zahlung.exe
- Size: 2.0MB
- MD5: e9f5e50cfee388f751791f18120a9c36
- SHA1: 1e05216f6cc5e90afb451a0dff9be523bfbce725
- SHA256: 2ecec86e3f7d5b1f6c34862adb0235467bc29b0eccbd356d7b4a3051fcdf05c7
- SHA512: eb7a870f461d5e909f0ca6f803ec194c44068329313e59b6c4c662b5131fe45b0727fd11e796cedfd67e2ca7db8de66991d2e290f892f52e5f81b9843d63e7fb
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext