General
- Target: 63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18
- Size: 453KB
- Sample: 220521-pwwsqsbchk
- MD5: 729f4af4bf6ca02c94c625a735d4c084
- SHA1: f3f982b714c3e51eed05775ff47378ae59de5d9a
- SHA256: 63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18
- SHA512: fd409251ba4c49780cddec230904566ae68943bb7016c5cc60afe166f88c548fa1ed2c9193512461a2249a6b08a62c97bbff909a6540d3c3bc7cf58246944d85
Static task: static1
Behavioral task: behavioral1
- Sample: 6月份副料請款明細 高士丰 - TAIEASY.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 6月份副料請款明細 高士丰 - TAIEASY.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: smtp.moorefundz.com
- Port: 587
- Username: evra@moorefundz.com
- Password: g7g2Ig?Aeh_+
Targets
- Target: 6月份副料請款明細 高士丰 - TAIEASY.exe
- Size: 487KB
- MD5: 81a9fd9492afb0f0d7bea535b1ef201a
- SHA1: daae7e3c956973ef70278f3bec0f962df847e853
- SHA256: 4e9e93f2212fe68f3a0ffe0a1eb732413efd85cc3e94d6d62ebc9558dd8b957c
- SHA512: c1095cb393d4b877629029676839c47dffc64aece9b9c09cea5228a9f2e2b19337008b3b0045eb7102def563c71b7681c3420d73e4ae62666f7d2f41d0dbf2fa
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext