General
Target: 7a023f05b4a9cfef609e99018bb6b083570a5e59c630357aa0a05d18cc6d4d25
Size: 298KB
Sample: 220521-nx575ahdem
MD5: 12feef1c037e691e348358ed10c082e2
SHA1: 099f166f144f3c94dc5c7c40e981d560c68b5efe
SHA256: 7a023f05b4a9cfef609e99018bb6b083570a5e59c630357aa0a05d18cc6d4d25
SHA512: c985e183441a2a9b7d556d564003653de5516cecb6efb49814fc2b1b08914499bb9822a46e79cea006ca59ab48e0772c675b90bc714d8e4a3cd0f450cb34df49
Static task
static1

Behavioral task
behavioral1
Sample: Payment Copy.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: Payment Copy.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.chenklins.com
Port: 587
Username: bobbrown@chenklins.com
Password: VBRSv_r)C~mM
Targets
Target: Payment Copy.exe
Size: 414KB
MD5: 05eaf101a0b976d96093eac5002e020b
SHA1: 34a9e953a5f45a3c187af4f370feb395b6c2a45f
SHA256: ec6afc29beafb4093f0aca9fa00e1c3097dac94baee4801eebc5043de4556781
SHA512: 67e39fe452b0c72772274f3fa54483262c24a123b21467b3a62cbfa2a4732443e91b32019b83f6665cf24095fcb3df9bee94bdd74558deba77d96da7252eb124
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext