General

Target: payment.zip
Size: 650KB
Sample: 221003-phe8tsfbc9
MD5: a178a9953da65155d13e0500b00fa139
SHA1: 74561cbfcd2f3a2a66ae99ba912bc60f77dbb702
SHA256: b2b68841e3731c4f589c2bb6f57525e9f3cf9d8dcb9dc364311e1bca83c38ef4
SHA512: 7ffef9cde033cfd40d11f3060c6d21b5cac8f6dc40088f5a6085da9aa08818da7ca245e04eee3d4f4aac9ba43b40b54ef990078fdd563b1b1c1875c3afcba540
SSDEEP: 12288:CbSrpokgd0QbO0Y9NySwmnhNJm9+KJPgVwM3STtG3MhL0uFQPZ+cHOBaHkr7k:rSkNrZwUha93dgp3onhL04QR+P8Er7k
Tasks

Static task: static1

Behavioral task: behavioral1
Sample: payment.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: payment.exe
Resource: win10v2004-20220901-en
Malware Config

Extracted configuration:
Protocol: smtp
Host: mail.pisc.lk
Port: 587
Username: sales@pisc.lk
Password: PIsafeTY2021
Targets

Target: payment.exe
Size: 967KB
MD5: d2ce4f35ff81cb0c2d3c520315f770b4
SHA1: 5c2cb8885ead96ea73c86d5645984aa1666dfc90
SHA256: 69ca3b794c4faf2dbf082983793d0fbfbea3f957e758e8512ccd01c3abed13fa
SHA512: 3c6d1634c514ba8e3b023456264282c2900648c7a89a9920be916a19b53198279bb0f51fce508100f0ed7ccf3edb5dcc16b6f23305137fb54e26e39edae2778c
SSDEEP: 12288:aZK4HTNZyRNwwwm3FNxmH+OvPgnwwlITtG9W1L0iFYP74cfoBaHwZUnys5i:pnwOFmHZ3gVlSD1L08Yj4Z8QZT
Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Drops file in Drivers directory

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext