General
Target
2f66268ec10af16bf68c4f311f9b53ef7b83aa68da8971abd900a1064fb97981
Size
703KB
Sample
220521-ns5e2aeah8
MD5
08b98677cfd0de0134f8063eb10d00f3
SHA1
e5c7f40b829c313b468bb871dcfa17a2aebff8cd
SHA256
2f66268ec10af16bf68c4f311f9b53ef7b83aa68da8971abd900a1064fb97981
SHA512
ec1285cec29c72f31219682e92243740f57514bc17fc898ec6b694ba2eabe3ae625bdfd96c5e23b31b4c8c342a8ffba4cd956323676b6d816a679afd0008ae13
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT COPY.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PAYMENT COPY.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.lebchrom.com
Port: 587
Username: bishop@lebchrom.com
Password: 7A3Wj{yq_*ex
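The extracted config tells a responder exactly what the exfiltration channel looks like on the wire: an authenticated SMTP session to smtp.lebchrom.com on port 587 as bishop@lebchrom.com. The following added example (not part of the Triage report and not the malware's own code) scores SMTP log records against that config. The host, port and username are the values from the config above; the log lines, client addresses and the IP the mail host is assumed to resolve to are constructed for illustration, and the subject-prefix heuristic is an assumption drawn from public AgentTesla reporting rather than from this page.

```python
"""Check SMTP logs against the exfiltration config extracted from this sample.

Added example, not part of the Triage report or the malware's code. The host,
port and username come from the report's Malware Config; the log lines, client
IPs and the DNS answer for smtp.lebchrom.com are constructed for illustration
(RFC 5737 documentation addresses).
"""
from dataclasses import dataclass

# Values as listed under "Malware Config" in the report.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "smtp.lebchrom.com",
    "port": 587,
    "username": "bishop@lebchrom.com",
}

# Constructed: what the mail host resolved to during the monitoring window
# (from a passive-DNS or dns.log lookup; Zeek's smtp.log only carries the IP).
RESOLVED = {"smtp.lebchrom.com": "203.0.113.10"}

# Constructed, simplified Zeek smtp.log subset (tab-separated):
# ts  id.orig_h  id.resp_h  id.resp_p  helo  mailfrom  rcptto  subject
SAMPLE_SMTP_LOG = """\
1653136001.12\t10.0.0.21\t203.0.113.10\t587\tDESKTOP-7KQ2\tbishop@lebchrom.com\tbishop@lebchrom.com\tPW_User/DESKTOP-7KQ2
1653136055.80\t10.0.0.5\t198.51.100.7\t587\tmail.corp.example\talice@corp.example\tbob@partner.example\tQ2 invoice
1653136099.31\t10.0.0.21\t203.0.113.10\t587\tDESKTOP-7KQ2\tbishop@lebchrom.com\tbishop@lebchrom.com\tSC_User/DESKTOP-7KQ2
1653136120.00\t10.0.0.9\t198.51.100.7\t25\tmail.corp.example\tcarol@corp.example\tlist@corp.example\tre: lunch
"""

# Subject prefixes AgentTesla is widely reported to use for password dumps,
# keylogs and screenshots. Assumption from public reporting, not from this page.
SUSPICIOUS_SUBJECT_PREFIXES = ("PW_", "KL_", "SC_")


@dataclass
class SmtpRecord:
    ts: float
    orig_h: str
    resp_h: str
    resp_p: int
    helo: str
    mailfrom: str
    rcptto: str
    subject: str


def parse_smtp_log(text: str) -> list[SmtpRecord]:
    """Parse the tab-separated subset above; skip blank and '#' header lines."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) != 8:
            raise ValueError(f"expected 8 fields, got {len(f)}: {line!r}")
        records.append(SmtpRecord(float(f[0]), f[1], f[2], int(f[3]), f[4], f[5], f[6], f[7]))
    return records


def match_reasons(rec: SmtpRecord, cfg: dict, resolved: dict) -> list[str]:
    """Return the config indicators a single SMTP session matches (empty if none)."""
    reasons = []
    user = cfg["username"].lower()
    # Strong: the stealer authenticates as the attacker's account and sends the
    # loot from that same address (normally to itself), so MAIL FROM / RCPT TO
    # carrying the configured username is a direct hit.
    if rec.mailfrom.lower() == user:
        reasons.append("mailfrom matches configured username")
    if rec.rcptto.lower() == user:
        reasons.append("rcptto matches configured username")
    # Supporting: session to the configured host/port.
    if rec.resp_p == cfg["port"] and rec.resp_h == resolved.get(cfg["host"]):
        reasons.append(f"destination is {cfg['host']}:{cfg['port']}")
    # Weak: subject naming convention (assumption, see above).
    if rec.subject.startswith(SUSPICIOUS_SUBJECT_PREFIXES):
        reasons.append("subject uses AgentTesla-style prefix")
    return reasons


def find_exfil(records, cfg=AGENTTESLA_CONFIG, resolved=RESOLVED):
    """Return (record, reasons) for sessions with at least one strong indicator."""
    hits = []
    for rec in records:
        reasons = match_reasons(rec, cfg, resolved)
        if any("username" in r for r in reasons):
            hits.append((rec, reasons))
    return hits


if __name__ == "__main__":
    for rec, reasons in find_exfil(parse_smtp_log(SAMPLE_SMTP_LOG)):
        print(f"{rec.orig_h} -> {rec.resp_h}:{rec.resp_p} subject={rec.subject!r}")
        for r in reasons:
            print("   ", r)
```

Matching on the envelope sender and recipient is the durable signal: the operator can move the mail server, but the mailbox in the config stays until the sample is rebuilt. Destination host and port on their own are too weak, since an outbound session on port 587 to a legitimate mail provider is ordinary traffic, which is why the example only reports sessions that carry the configured account.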
Targets
Target
PAYMENT COPY.exe
Size
931KB
MD5
dce738c34da3e19d7d692f99e8ef981a
SHA1
3a1065173a51f5673afedfc217bc15c053d715d1
SHA256
7931c2fc08b888aee9fdcebc85e09b814f280227a2320692a3966328c78d7dbb
SHA512
db1815c9e946ef28ee6f0397e18fc94bd08972d603ef7985e9d501c368280d509a31641303d2ae4dca069f7b719fe04ee041656c4fe001857d98fa9d257d6f46
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-