General
Target: 03fc02ebadc14ed098e2730aa13f914a171552159601295ad480c6e3458e35f6
Size: 403KB
Sample: 220521-pp4j1aahhr
MD5: 9d32957d07fc1605a7994e0a00645101
SHA1: 0b99a85371caa4c654e0905828a10d67d190e662
SHA256: 03fc02ebadc14ed098e2730aa13f914a171552159601295ad480c6e3458e35f6
SHA512: e5e38ff8cf737826d2fbc699259e5987d4b5058136e3dbb04172632d5a107720a42db74be3f62a42282f6ab8cd071a86e4029407a736a9a55a04ce7958a401b6
Static task: static1
Behavioral task: behavioral1
  Sample: Payment Advice.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Payment Advice.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: petersonhouston@yandex.com
Password: faith12AB
Targets
Target: Payment Advice.exe
Size: 433KB
MD5: db42a352386ad14ebfb012ae58bd266d
SHA1: 05926e8118ca4fbf55faf9b852e66720449c3842
SHA256: cd58b0bb08f218fdce3d57c001a8140b66661cdb7accb47a93ba2722ea64f0e9
SHA512: efc5dd4c911623bbd3553f42a8856dd4f173cb1e59f5ba0fbb12d17d10d55d4b9779ccca33a14bcec51a0dab5820c35633faf4b438fae76ad9db9ecbf55c038c
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext