General
- Target: c181b982dba79e029bfb1ae69941d86caa313e745baaef00004040e146986a04
- Size: 243KB
- Sample: 220521-n1hw1aede4
- MD5: 4f0af7ddf83817dfada3093260ec24ab
- SHA1: 1eac9a7e5c7c3e9c977ff46c8b3a2b50cb929f7d
- SHA256: c181b982dba79e029bfb1ae69941d86caa313e745baaef00004040e146986a04
- SHA512: badfc3a2a849a097cecea2c0454f172a37d8ef73e31f68e93932bfce4085789e60b24c1c2f34411f0ced65166115817d1006985e1cb51683a4c08a76f42c1d7c
Static task: static1
Behavioral task: behavioral1
- Sample: Proof of payment.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Proof of payment.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: logsdetails0@yandex.com
- Password: Hunter$#@145722
Targets
- Target: Proof of payment.exe
- Size: 608KB
- MD5: 2914288341a628164f4288c3ac01c7e2
- SHA1: 58f0225b257725c93f41e92a471d2a2f07029982
- SHA256: 92b3287ca777166f9231da535aa5248d3508ffdae60a53e378316ac079b9b60c
- SHA512: 60c2aeff2bf7e60295214302410c7dd5c078372aec845d8ba836d6a911f051bade61300a765ab0318f0cafc57d55c517dc5f00cba2c0feb921dbade84544ec57
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests stored credentials and keystrokes and, as the extracted config above shows, exfiltrates them over SMTP using a hard-coded mailbox.
- AgentTesla Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles (reads the Outlook profile registry keys where account credentials are stored)
- Suspicious use of SetThreadContext (commonly used for process hollowing / code injection into a suspended process)
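The report's hashes and extracted SMTP C2 can be turned directly into detection content. The example below is added here and is not part of the sandbox report or the AgentTesla tooling: it copies the hashes and the SMTP host, port and username from the report above into a small matcher, then runs it over constructed EDR hash events and constructed network log lines (the log format, the endpoint names, the file paths and the MAIL_CLIENTS allow-list are all assumptions made for the example). The network rule flags an SMTP session to the C2 host from anything that is not a mail client, and separately flags any session that authenticates as the hard-coded exfiltration account, since a legitimate Yandex mail user on the same host would otherwise look identical on the wire.

```python
"""Added example: IOC matcher built from the AgentTesla report above.

Hash values and the SMTP C2 details are copied from the report; every
event and log line below is constructed for illustration.
"""
import re
from dataclasses import dataclass

# MD5 / SHA1 / SHA256 from the report: the submitted file and Proof of payment.exe.
KNOWN_HASHES = {
    "4f0af7ddf83817dfada3093260ec24ab",
    "1eac9a7e5c7c3e9c977ff46c8b3a2b50cb929f7d",
    "c181b982dba79e029bfb1ae69941d86caa313e745baaef00004040e146986a04",
    "2914288341a628164f4288c3ac01c7e2",
    "58f0225b257725c93f41e92a471d2a2f07029982",
    "92b3287ca777166f9231da535aa5248d3508ffdae60a53e378316ac079b9b60c",
}

# Extracted AgentTesla config: exfiltration over SMTP with a hard-coded mailbox.
C2_HOST = "smtp.yandex.com"
C2_PORT = 587
C2_USER = "logsdetails0@yandex.com"

# Processes for which an outbound SMTP session to the same host is plausibly benign.
# This allow-list is an assumption for the example, not something the report states.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed log format (assumption): ts host= proc="..." dst= dport= [user=]
LOG_RE = re.compile(
    r'(?P<ts>\S+) host=(?P<host>\S+) proc="(?P<proc>[^"]+)" '
    r'dst=(?P<dst>\S+) dport=(?P<dport>\d+)(?: user=(?P<user>\S+))?'
)


@dataclass(frozen=True)
class Hit:
    rule: str
    host: str
    detail: str


def check_hash_events(events):
    """events: iterable of (endpoint, path, hexdigest) from a constructed EDR feed."""
    hits = []
    for endpoint, path, digest in events:
        if digest.lower() in KNOWN_HASHES:
            hits.append(Hit("agenttesla-sample-hash", endpoint, f"{path} {digest.lower()}"))
    return hits


def check_network_lines(lines):
    """Flag SMTP sessions to the C2 host from non-mail processes, and any session
    that authenticates as the hard-coded exfiltration account."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dst, dport, proc = m["dst"].lower(), int(m["dport"]), m["proc"].lower()
        image = proc.rsplit("\\", 1)[-1]
        if m["user"] and m["user"].lower() == C2_USER:
            hits.append(Hit("agenttesla-exfil-account", m["host"],
                            f"{image} -> {dst}:{dport} as {m['user']}"))
        elif dst == C2_HOST and dport == C2_PORT and image not in MAIL_CLIENTS:
            hits.append(Hit("smtp-exfil-nonmail-process", m["host"], f"{image} -> {dst}:{dport}"))
    return hits


# Constructed sample input (not from the report).
SAMPLE_EVENTS = [
    ("WS01", r"C:\Users\bob\Downloads\Proof of payment.exe",
     "92B3287CA777166F9231DA535AA5248D3508FFDAE60A53E378316AC079B9B60C"),
    ("WS05", r"C:\Windows\notepad.exe", "0" * 64),
]
SAMPLE_LINES = [
    r'2022-05-21T10:02:11Z host=WS01 proc="C:\Users\bob\Downloads\Proof of payment.exe" dst=smtp.yandex.com dport=587',
    r'2022-05-21T10:03:40Z host=WS02 proc="C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" dst=smtp.yandex.com dport=587',
    r'2022-05-21T10:05:02Z host=WS03 proc="C:\Windows\explorer.exe" dst=smtp.yandex.com dport=587 user=logsdetails0@yandex.com',
    r'2022-05-21T10:06:00Z host=WS04 proc="C:\Windows\System32\svchost.exe" dst=update.example.net dport=443',
]

if __name__ == "__main__":
    for hit in check_hash_events(SAMPLE_EVENTS) + check_network_lines(SAMPLE_LINES):
        print(hit)
```

The hash rule is exact and brittle (a repacked build changes every digest), so the network rule is the one worth keeping: the mailbox credentials are baked into the binary, and the sender process and authenticated username survive recompilation far longer than the file hashes do.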