General
Target: 0240e5f174a7801570fef64aa77289490a9464afe25658ce3026c0ec5429f164
Size: 410KB
Sample: 220521-pc184saccq
MD5: 16c63cab7c400d357f08dd801d33c70a
SHA1: f4bb4a15abd807d897f0f81f1e56a2702ba7c75d
SHA256: 0240e5f174a7801570fef64aa77289490a9464afe25658ce3026c0ec5429f164
SHA512: 174259541326b86ed6392f810af3722e27a7b9eb834c6539b0b1ddc059e1601b6a6807967b3fc5fb22906d50b5e88c3365669970b66bfffd28a2075cf0998229
Static task: static1

Behavioral task: behavioral1
Sample: Payment Information.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Payment Information.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.truebarnds.com
Port: 587
Username: info@truebarnds.com
Password: SnbDUMn7
Targets
Target: Payment Information.exe
Size: 596KB
MD5: 08cb9ea318ef263c4c0434f26bb41a95
SHA1: 1ad38381184d53222b3e40ca21294fd028090dda
SHA256: 95c93aceae03da91a38a1e26449254aac2aa113ac5f0362edd0e09a8d4d1e442
SHA512: c3a95eb2119d4c1e5c0426ad28cb650e9ff0a26c899ecf39d4673ac7c7eb620ee82c8abdc2bd997fe6b918912e314a8a9548349548243e6bfea25863d9dc0903
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext