General
-
Target
eeb4319818959c111beae9f0bd038991b41a9294c50700c6390ce9fe5490fb74
-
Size
424KB
-
Sample
220521-pdy55sacgm
-
MD5
8744c132c480a768be02b78b7578d88d
-
SHA1
5396ef0eb79dc941602e6fc7cdd8055119ba0099
-
SHA256
eeb4319818959c111beae9f0bd038991b41a9294c50700c6390ce9fe5490fb74
-
SHA512
dc7b7325831bbac23b168f70c70f102bf2992eca1b8ab632b7cc1778dad507be1da5ddcc87d278e369e534f6fdb071a9b94566c6651b0f358cd2e77f237d81e4
Static task
static1
Behavioral task
behavioral1
Sample
Payment Copy.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Payment Copy.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: alexisborris@yandex.ru
Password: @Veronica24#
Targets
-
Target
Payment Copy.exe
-
Size
447KB
-
MD5
6ad7d8bf86c04715891b54cd2fe4a3de
-
SHA1
01417971637c349319d11de98c48f92c3eab6d50
-
SHA256
637b72e82538b767707282db37c0f960aa60c72e3c44c76ecaf232a9c105bf41
-
SHA512
79945668bec8fc41fd54169117aee755c74fae765398d92c2afccf45ed4e326a799015cb2cdf107618a4681648ad2246820916d37e57411f3c776c5bc88c6e35
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample is configured to exfiltrate harvested data over SMTP using the mail server and account listed under Malware Config.
-
CoreEntity .NET Packer
CoreEntity is a .NET packer that stores the payload inside an embedded Bitmap object; at runtime the image data is read back and decrypted to recover the real payload, here AgentTesla.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles (stored mail account settings and credentials are a standard AgentTesla harvesting target)
-
Suspicious use of SetThreadContext (the call used in process hollowing to redirect a suspended host process's thread to the injected payload)
-
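Detection logic for two of the behaviours the report lists, exfiltration to the extracted SMTP host/port and SetThreadContext used as part of process hollowing, as an added example run over a constructed trace. This is not part of the sandbox report or any vendor tool; the trace format, the pids, the use of RegSvcs.exe as the hollowed host and the mail-client allowlist are all assumptions made for the example.

```python
"""Added example (not part of the sandbox report or any vendor tool): toy detection
logic for two behaviours listed in the report, run over a constructed trace.
The trace format and every pid/image in it are hypothetical."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004                     # dwCreationFlags bit in CreateProcess*
EXFIL_HOST, EXFIL_PORT = "smtp.yandex.ru", 587    # host/port from the extracted config
MAIL_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allowlist; tune per estate

# Constructed trace in a hypothetical "pid|image|api|key=value ..." format.
# RegSvcs.exe as the hollowed host is an assumption; the report does not name one.
SAMPLE_TRACE = """\
4120|Payment Copy.exe|CreateProcessW|image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe flags=0x4 child_pid=4508
4120|Payment Copy.exe|NtUnmapViewOfSection|target_pid=4508
4120|Payment Copy.exe|WriteProcessMemory|target_pid=4508 size=0x6a000
4120|Payment Copy.exe|SetThreadContext|target_pid=4508
4120|Payment Copy.exe|ResumeThread|target_pid=4508
4508|RegSvcs.exe|connect|host=smtp.yandex.ru port=587
2312|outlook.exe|connect|host=smtp.office365.com port=587
2312|outlook.exe|SetThreadContext|target_pid=2312
"""

LINE_RE = re.compile(r"^(\d+)\|([^|]+)\|([^|]+)\|(.*)$")


def parse_trace(text):
    """One dict per trace line: pid, image, api, and args as a key=value map."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # tolerate blank or malformed lines
        pid, image, api, rest = m.groups()
        args = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        events.append({"pid": int(pid), "image": image, "api": api, "args": args})
    return events


def detect_hollowing(events):
    """Flag CreateProcess(CREATE_SUSPENDED) followed by WriteProcessMemory,
    SetThreadContext and ResumeThread against that child: the sequence in which
    a hollowed host has its thread redirected to an injected payload."""
    suspended = {}                        # child pid -> (parent pid, parent image, child image)
    stages = defaultdict(set)             # child pid -> APIs seen against it
    alerts = []
    for ev in events:
        a = ev["args"]
        if ev["api"].startswith("CreateProcess"):
            if int(a.get("flags", "0"), 0) & CREATE_SUSPENDED and "child_pid" in a:
                child_image = a.get("image", "?").rsplit("\\", 1)[-1]
                suspended[int(a["child_pid"])] = (ev["pid"], ev["image"], child_image)
            continue
        target = a.get("target_pid")
        if target is None or int(target) not in suspended:
            continue                      # a process touching its own context is not hollowing
        target = int(target)
        stages[target].add(ev["api"])
        if ev["api"] == "ResumeThread" and {"WriteProcessMemory", "SetThreadContext"} <= stages[target]:
            ppid, pimage, cimage = suspended[target]
            alerts.append(f"process hollowing: {pimage} (pid {ppid}) -> {cimage} (pid {target})")
    return alerts


def detect_smtp_exfil(events):
    """Flag connections to the extracted C2 mail server, and any SMTP-port
    connection from a process that is not an allowlisted mail client."""
    alerts = []
    for ev in events:
        if ev["api"] != "connect":
            continue
        host = ev["args"].get("host", "")
        port = int(ev["args"].get("port", "0"))
        if host == EXFIL_HOST and port == EXFIL_PORT:
            alerts.append(f"known AgentTesla exfil endpoint: {ev['image']} (pid {ev['pid']}) -> {host}:{port}")
        elif port in MAIL_PORTS and ev["image"].lower() not in MAIL_CLIENTS:
            alerts.append(f"SMTP from non-mail process: {ev['image']} (pid {ev['pid']}) -> {host}:{port}")
    return alerts


def run(trace_text):
    """Parse a trace and return all alerts from both detections."""
    events = parse_trace(trace_text)
    return detect_hollowing(events) + detect_smtp_exfil(events)


if __name__ == "__main__":
    for line in run(SAMPLE_TRACE):
        print(line)
```

The hollowing rule only fires once the full chain has run against a child that was created suspended, so a legitimate debugger calling SetThreadContext on its own process, as the constructed outlook.exe line does, produces no alert; the exfil rule matches the extracted host/port exactly and otherwise falls back to "SMTP port from a non-mail process", which is the generic shape of this sample's exfiltration.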