General
Target: 6c11886cb1dd5dec119ba707555dd0bbb5705c97e60221a4108141f796ed4b7d
Size: 463KB
Sample: 220521-myzw3acfh6
MD5: 81541448dce4dd4077e5d6bdb52a6a7d
SHA1: 84d91668b34be38942287b1f3d3d0f32db5c8236
SHA256: 6c11886cb1dd5dec119ba707555dd0bbb5705c97e60221a4108141f796ed4b7d
SHA512: afff5c2785c0b4bc1cb67d36b3e339039a7211ef10249ab6a5e9a1e6a45cdc6191b048d140879a3c4a4fadbdf01ffa3b0d47f7eb1af45a866f08a6d2b2ac591f
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Proof.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment Proof.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: chuk5anderson@yandex.ru
Password: chukwudi123
Targets
Target: Payment Proof.exe
Size: 806KB
MD5: 6c8f01372803ed1b13e8e03bc764b84f
SHA1: 2851549bed6bab05ddd74c2ae97e7324b2df8e31
SHA256: c482ca787afb6b9f12e79b80f791494338b6a353950c12e57df5b1411a1ccd50
SHA512: fae08dac1a2f78177fd274954e00f57b6e16b869a8ed8fe1d8d61c7fd01c875dff44df69493dffb59c9f6ab25ac39b7a2ce12ddea7602444c149a7c475c6a487
- AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET); this sample exfiltrates over SMTP using the mailbox credentials in the extracted config above.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles (reads the mail client's stored account settings, the usual source of harvested credentials)
- Suspicious use of SetThreadContext (rewriting another thread's context is the classic marker of process hollowing or code injection)
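The extracted SMTP config and the two SHA256 values above are the report's actionable IOCs. The following is an added example, not code from the report or from the sandbox vendor, showing how to turn them into a small detection: it parses the config exactly as listed, then runs over constructed Sysmon-style event lines (made up for this example) and flags a non-mail-client image connecting to the configured drop server, or a process start whose hash matches the report. The flattened `Field: value | ...` log layout and the `MAIL_CLIENTS` allowlist are assumptions of the example.

```python
"""Turn the IOCs in this report (the extracted SMTP config and the two
SHA256 values) into a small detection and run it over constructed log lines."""
import re

# SMTP exfiltration config as extracted by the sandbox for this sample
# (values copied from the report above).
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: chuk5anderson@yandex.ru
Password: chukwudi123
"""

# SHA256 values the report lists for the submitted file and the payload.
KNOWN_SHA256 = {
    "6c11886cb1dd5dec119ba707555dd0bbb5705c97e60221a4108141f796ed4b7d": "submitted sample (463KB)",
    "c482ca787afb6b9f12e79b80f791494338b6a353950c12e57df5b1411a1ccd50": "Payment Proof.exe",
}

# Images allowed to speak SMTP on the host. Assumed allowlist for this
# example; tune it to the environment.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed sample events in a flattened Sysmon-like 'Field: value | ...'
# layout. These are made up for the example and are not from the report.
SAMPLE_EVENTS = [
    "EventID: 3 | Image: C:\\Users\\victim\\Downloads\\Payment Proof.exe"
    " | DestinationHostname: smtp.yandex.com | DestinationPort: 587",
    "EventID: 3 | Image: C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"
    " | DestinationHostname: smtp.yandex.com | DestinationPort: 587",
    "EventID: 3 | Image: C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    " | DestinationHostname: example.com | DestinationPort: 443",
    "EventID: 1 | Image: C:\\Users\\victim\\Downloads\\Payment Proof.exe"
    " | Hashes: SHA256=c482ca787afb6b9f12e79b80f791494338b6a353950c12e57df5b1411a1ccd50",
]


def parse_config(text):
    """Parse 'Key: value' lines into a dict keyed by lower-case field name."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def parse_event(line):
    """Split one flattened event into a dict. Only the first ':' separates
    key from value, so Windows paths such as 'C:\\...' survive intact."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def match_events(cfg, events):
    """Return one hit per event that either reaches the configured SMTP drop
    server from a non-mail-client image or starts a process with a known hash."""
    hits = []
    for raw in events:
        ev = parse_event(raw)
        image = ev.get("Image", "")
        basename = image.rsplit("\\", 1)[-1].lower()
        if ev.get("EventID") == "3":
            same_host = ev.get("DestinationHostname", "").lower() == cfg["host"].lower()
            same_port = ev.get("DestinationPort") == str(cfg["port"])
            # Port 587 to a public mail provider is normal for a real mail
            # client; the signal is any other image doing it.
            if same_host and same_port and basename not in MAIL_CLIENTS:
                hits.append({"rule": "agenttesla_smtp_exfil", "image": image,
                             "dest": f"{cfg['host']}:{cfg['port']}"})
        elif ev.get("EventID") == "1":
            m = re.search(r"SHA256=([0-9a-fA-F]{64})", ev.get("Hashes", ""))
            if m and m.group(1).lower() in KNOWN_SHA256:
                sha = m.group(1).lower()
                hits.append({"rule": "agenttesla_known_hash", "image": image,
                             "sha256": sha, "label": KNOWN_SHA256[sha]})
    return hits


if __name__ == "__main__":
    for hit in match_events(parse_config(EXTRACTED_CONFIG), SAMPLE_EVENTS):
        print(hit)
```

Run as-is it reports two hits: the payload image reaching smtp.yandex.com:587, and the process start with the payload's SHA256; the genuine Outlook connection on the same host and port is not flagged. The username in the config is the actor's drop mailbox, so pivot on it across other reports and report it to the provider rather than logging in with the password.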