General
Target: e64b588cd1cc19f9d30a3baf819ef6ec564c2920f358a502464d0205b1acf2fd
Size: 465KB
Sample: 220521-mxyydafgdq
MD5: 862f546ac35ba5c3e69d6e61e0189102
SHA1: 43d61ecf32bf0492dfa24746b1d6af8b8252a8c8
SHA256: e64b588cd1cc19f9d30a3baf819ef6ec564c2920f358a502464d0205b1acf2fd
SHA512: 4892142308d321b560ccdf1a10a326917fba4469cce0cb73a75600710ad51cf1359f779b5e111667510bd7addaf99b647c272749808ed175c8b0ff05d91758c6
Static task: static1
Behavioral task: behavioral1
  Sample: cheque deposit slip, BDT Amount 70,000.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: cheque deposit slip, BDT Amount 70,000.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.totallyanonymous.com
  Port: 587
  Username: [email protected]
  Password: 506g239R
Extracted: agenttesla
  Protocol: smtp
  Host: mail.totallyanonymous.com
  Port: 587
  Username: [email protected]
  Password: 506g239R
Targets
Target: cheque deposit slip, BDT Amount 70,000.exe
Size: 719KB
MD5: d207440e1ddcfd07dd367716b4352ad8
SHA1: 99c84cd904ecfc83d818ae91853b9b8135e6f447
SHA256: fb2089862c97bb7765b51eda264b7338e5e32f71a70412926643a8991ce97c98
SHA512: 9ab4c5a48af1a2927416b8f6ceed6b0cd6071d2f135f7b04a155f2cb540734882dd6ca434b5667899a426d193e6c1b25bd45f1c10ed39379fa9edd1c76234327

Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext