General
-
Target
88a41ce0ed4d8bb1f22097188e55913a5879da2ca0276c93a54e95083dbbdbf1
-
Size
618KB
-
Sample
220521-nbr4dadde5
-
MD5
944a1b7a7a95016f3c58b80f9372d83d
-
SHA1
5cc359928d40792e9ff6e6bedef4928cc326910a
-
SHA256
88a41ce0ed4d8bb1f22097188e55913a5879da2ca0276c93a54e95083dbbdbf1
-
SHA512
3e71ebbc7f77029b363537607e2d99da20c0b8efc2ae478e53a2a95e5576490313ad483dccb3dba5df045e82a9e2ac4a85b2115b177621479d28b1d55bb0e742
Static task
static1
Behavioral task
behavioral1
Sample
Payment Copy.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Payment Copy.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.millndustries.com
Port: 587
Username: chukwuyem@millndustries.com
Password: {zdog:g7S@R3
Targets
-
Target
Payment Copy.exe
-
Size
662KB
-
MD5
f87d55afc11f0766d335de227e82d2e9
-
SHA1
dd28418244ed603d156b2985172c452c3f12c725
-
SHA256
5b52beb61f01acce45442d85adcc909eabc07d87fc006d35c9e37f5d8b69d2c2
-
SHA512
eea0b5e24bfb2a6fe7c90ccc71cfe191de5db78c6f4dbd5e2876fc1799f91d403339927d787d2a5323b31fed8c6ab6f5725323d7a2de9262f64937da5a74aa06
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext