General
- Target: 0d42033f98bb08e92b5e0e10b6bdc2674689efbbe4fb275c74b85262a5da68cc
- Size: 395KB
- Sample: 220521-pddjfaacdp
- MD5: 76accd6e619502ec22b9928a2353af9a
- SHA1: 460042b0da7494957c29dff5a8b90b1a792b80e8
- SHA256: 0d42033f98bb08e92b5e0e10b6bdc2674689efbbe4fb275c74b85262a5da68cc
- SHA512: c68e09faf8bfae69102794f125eddf041b73517cec2f1c2a3e796823d7409c2aaaa99b7280b7774bd1146ab08d87ebb373a34e57f433e189a6263622d8200c2c
Static task: static1
Behavioral task: behavioral1
- Sample: Payment notification.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Payment notification.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: zstcznz.org
- Port: 587
- Username: makonyo@zstcznz.org
- Password: makonyo@2017
Targets
- Target: Payment notification.exe
- Size: 429KB
- MD5: add3085642ac7fc63b5fba524f790a5b
- SHA1: 21d4392b1c94fa1e1e8eb292e6216f9dd4dd16d9
- SHA256: 73c5071a6dc5f6d66b800d56b97e6f451d2738aebb2efcacaaab86319392dddb
- SHA512: 8e2dcaf9e4c37ead0412ee3df12ee05b8d1a0ec5a9a661bf0f450eed580803b9823508b5dbaca59148b91a1c6d8699b7f00f59e73fe064721bccef2d4f66a597
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext