General
-
Target
ae9d67c2ab9848b61815f83f095628df146498e24e60c99797ab7fdfa032c8cf
-
Size
386KB
-
Sample
220521-nq9a7shbdp
-
MD5
40748b67a5f171b001f006f5ddd420a6
-
SHA1
873011a7f6f351dbc632123f91c29125b39b443f
-
SHA256
ae9d67c2ab9848b61815f83f095628df146498e24e60c99797ab7fdfa032c8cf
-
SHA512
90a0eb633c84e297eeaf405cad1f557f784912197f5318eff2a2f83d4d0ed340b579f909c85f521b7e670a6cece66431dfbdb700a13a793396e806d800cd73bb
Static task
static1
Behavioral task
behavioral1
Sample
Final Payment.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Final Payment.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: [email protected]
Password: Blessing123
Targets
-
-
Target
Final Payment.exe
-
Size
409KB
-
MD5
0282b49af67ee721257b1f5befee8d2e
-
SHA1
39fc92ea27727aa57910015a72df0beb6b7887c0
-
SHA256
c706f368dbef31f72b1014d16a23f3f69abdbad6f62571e6325930c549afda2c
-
SHA512
b0018656ff6e06468e3ebe9b9c903a27479476bfda444ae4e5d48440c38935a5c941e0a278e414acff7840033ecd49fc13aa7227f606c75eaae6fa1bbfe1952b
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-