General
- Target: d245b8f7b96be20c39a84e11d19a770b6dc3155ccbe668843bd4682f262bc174
- Size: 364KB
- Sample: 220521-mm1n8acaf2
- MD5: 8b1f0a00024f52d85c298a0f323836cc
- SHA1: 8f113d26aa23fbc55f4027f7261b359df3f129c3
- SHA256: d245b8f7b96be20c39a84e11d19a770b6dc3155ccbe668843bd4682f262bc174
- SHA512: c4448f4fb7caea0a36f0634f97bba1bd283412c32517cdba0df17c5630cde09b0d3e78665cd8511db8d32f4990cd520d191025ac9865863795fdccde90f7ee12
Static task: static1
Behavioral task: behavioral1
- Sample: Payment Copy.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Payment Copy.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.chenklins.com
- Port: 587
- Username: [email protected]
- Password: WIMo-3%Zv,N.
Targets
- Target: Payment Copy.exe
- Size: 510KB
- MD5: f554bb70eb38b2cdf9612469ba094651
- SHA1: b40eb3a92f67f8a2206cf74d4caaa7a7f8b9d64b
- SHA256: 464e7363198201699fa0503be713d1776fb07eefc63830cd08494f26ec93ba8b
- SHA512: 281aca43b9c52eddfc0dfe2c15d7c852680f33a9c3d8fdf39e56b4ad723e4853ef85270100fa6b25963d254a6c62e836ddde67592f683d425f34f73a530ecee5
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext