General
Target: 53a8e9b18c127e23e3dc5b7f8189dc23e3488b63f1ce2dbfec8193a98c483252
Size: 387KB
Sample: 220521-plk89aagbk
MD5: ba1b8f0172548e0a6503011883e5f4d6
SHA1: 68c3b4248f3fffb7133ef139187e637cbaade7d3
SHA256: 53a8e9b18c127e23e3dc5b7f8189dc23e3488b63f1ce2dbfec8193a98c483252
SHA512: b4ce484713ab03031adbb86315db7977940db6bf094ad9e4826348ba3cf4afe01a3affbf693b5d22b3a4457fcc3aa2318279e15298275cd6f22ebfa117359273
Static task: static1
Behavioral task: behavioral1
Sample: Facturas Pagadas al Vencimiento.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Facturas Pagadas al Vencimiento.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: off1ce.box@yandex.com
Password: kroskofile
Targets
Target: Facturas Pagadas al Vencimiento.exe
Size: 440KB
MD5: 194b1225cd1efbc86b7f980fd051f4ab
SHA1: e0d239503372670ee76df673bb3755e503287ddf
SHA256: d8972963e61f138278d2f2c45982444f682428c6de5d3cdcf5d0f46797754949
SHA512: 1c3dbb023a4a9adf3a8d88677948d98d538cbc1eb14e7a26157102a83b936e18e437972f3410f0be0abe2eb521691da2c103e59660becf1f94341418379260ef
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext