General
Target: 6e570e257e1d6f826a8ed9ee4d46aa69e36fd6f0fddd57f432f993fdaf4fc237
Size: 1005KB
Sample: 220521-mm8d3acaf9
MD5: 8eab84ad3fb44465f006c9b78b3e847c
SHA1: 608c72b3c06c2e550d41c36df373457e183f0c0a
SHA256: 6e570e257e1d6f826a8ed9ee4d46aa69e36fd6f0fddd57f432f993fdaf4fc237
SHA512: a15e9cd956c4c39b353b13f3fb4a0a6edf5e1c5b8b477076be38c5b1a55f63a6cb899cfd917863b3631ceaedcaec3a49b1c3b741b8e799c61c535fa02d970afd

Static task: static1

Behavioral task: behavioral1
Sample: PAYMENT SLIP.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PAYMENT SLIP.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted (family: agenttesla)
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: KoKrjnZ3
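The extracted configuration above is the only network indicator this report yields, so the practical next step is to turn it into a hunt. The following is an added example, not part of the sandbox report or of any tooling behind it: it parses the "Extracted" block in the flattened form the page prints it (line breaks mid-pair, a missing space before one separator), and then sweeps constructed egress log lines for connections to the configured mail host. The log lines, the field layout (timestamp, source IP, destination host, destination port, transport) and the function names are assumptions made for this example; the host, port and credentials are the ones the report extracted.

```python
"""Parse the AgentTesla SMTP configuration extracted in this report and use it
to hunt for exfiltration attempts in egress logs.  Added example, not part of
the sandbox report or of any tooling it was generated with."""
import re
from dataclasses import dataclass

# The "Extracted" block exactly as the report page prints it (line breaks fall
# mid-pair).  The username is redacted on the page and is kept as-is.
EXTRACTED_BLOCK = """Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
KoKrjnZ3"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_extracted_config(block: str) -> SmtpExfilConfig:
    """Rebuild 'Key: value - Key: value' pairs from the flattened report text."""
    lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != "Extracted":
        raise ValueError("not an 'Extracted' config block")
    # The second line is the family name when it carries no 'Key:' marker.
    family = lines[1] if ":" not in lines[1] else "unknown"
    body = " ".join(lines[2:] if family != "unknown" else lines[1:])
    # The page drops the space before some separators ("smtp- Host").  Only a
    # hyphen followed by whitespace is a separator, so hyphens inside
    # hostnames or passwords are left untouched.
    body = re.sub(r"(\S)-\s+", r"\1 - ", body)
    fields = {}
    for pair in body.split(" - "):
        key, sep, value = pair.partition(":")
        if not sep:
            raise ValueError(f"malformed pair: {pair!r}")
        fields[key.strip().lower()] = value.strip()
    return SmtpExfilConfig(
        family=family,
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


# Constructed egress log lines (not from the report): timestamp, source IP,
# destination host, destination port, transport.
SAMPLE_EGRESS_LOG = """\
2022-05-21T10:14:03Z 10.0.0.12 us2.smtp.mailhostbox.com 587 tcp
2022-05-21T10:14:09Z 10.0.0.12 update.microsoft.com 443 tcp
2022-05-21T10:15:41Z 10.0.0.33 US2.SMTP.MAILHOSTBOX.COM 587 tcp
2022-05-21T10:16:02Z 10.0.0.40 us2.smtp.mailhostbox.com 25 tcp
2022-05-21T10:17:30Z 10.0.0.40 smtp.office365.com 587 tcp"""


def find_exfil_connections(log_text: str, cfg: SmtpExfilConfig) -> list[dict]:
    """Return every connection to the configured mail host.

    Matching is on the host alone: a workstation talking to the operator's
    SMTP relay is suspicious on any port, so the configured port is recorded
    as context rather than used as a filter.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than failing the sweep
        ts, src, dst, dport, proto = parts
        if dst.lower() != cfg.host:
            continue
        hits.append({
            "timestamp": ts,
            "src": src,
            "dport": int(dport),
            "port_matches_config": int(dport) == cfg.port,
        })
    return hits


if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_BLOCK)
    print(cfg)
    for hit in find_exfil_connections(SAMPLE_EGRESS_LOG, cfg):
        print(hit)
```

Matching on the host rather than host and port is deliberate: the port is whatever the operator typed into the builder, and the one thing that does not change between builds that share a drop account is the relay they authenticate to. A host-only match keeps the 10.0.0.40 connection on port 25 in the result set, flagged as not matching the extracted port, which is exactly the kind of variant worth a second look.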
Targets
Target: PAYMENT SLIP.exe
Size: 1.4MB
MD5: 5d401208a61eb45a0a42ace4528329a7
SHA1: 511d9b22cd5a565d336e6ecf1b63740d3a2450aa
SHA256: 9350e2b52b57a3f17169e6b46a888559dea995d2de8c61a4cdbcbb340d530dff
SHA512: 0df3663866ff9ee19c033ecbf820e68acdc35f4b14866884713e609e1a63932e658b201c89dfbd98754079a9adb9c7532029c48e513f0227f3736e2cd16e3804
- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, usually described as written in Visual Basic .NET. It harvests saved credentials and keystrokes from the infected host and exfiltrates them over SMTP, FTP or HTTP; the SMTP variant is the one whose mail-server credentials were extracted above.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
  Reading the Outlook profile data kept in the user's registry hive is how the stealer collects stored mail account credentials.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process is the step that, after a payload has been written into a suspended process, redirects that thread into the injected code (process hollowing); it is a common injection marker for this family.