General
-
Target
0ede2d625006d275ff9b68417d6a4cd45d519cfe0d9a49abe5b7dfb0efef0ee7
-
Size
1.6MB
-
Sample
221128-pqjafsda37
-
MD5
dc525c5fa578467b6a97ce0a2e6524cf
-
SHA1
fda2ea3facb72f6e171365069b1e892f9ee7f100
-
SHA256
0ede2d625006d275ff9b68417d6a4cd45d519cfe0d9a49abe5b7dfb0efef0ee7
-
SHA512
443db3c3b73e87ebb93e98a9b31efa68c3d5ac79e829e7547a15034bd92e4e17d8be1985f97ffe2116534f4fed66e94fef009e61ed0151e9cebff3c8656d465a
-
SSDEEP
12288:5Icw1pNcax0F5+htb7lPwYzgmF4a1liyk5M5Aaec6UdYVmU/GZoNid79fV2CStc7:aLncax0CJria2EG+oDOwB
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT_.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PAYMENT_.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5421147975:AAGrsGnLOHZfFv7yHuj3hZdQSOVmPodIAVI/sendDocument
Targets
-
Target
PAYMENT_.EXE
-
Size
1.1MB
-
MD5
ab16019f6de46dc8df86535f8e32c6d3
-
SHA1
701dd0536a0d551a2106bd77d54dd0279b45f6ae
-
SHA256
6c5c691b8220592e29ed077baccc2b85fda2a851e96655aae685e5918becb087
-
SHA512
8b7ae90b572249e130e7b131599d6b484dcab670b1db8fce651c744969a432d92eadda43962f968f91a9f157d0856033212b8978638aa9af85a471587dc93672
-
SSDEEP
12288:PIcw1pNcax0F5+htb7lPwYzgmF4a1liyk5M5Aaec6UdYVmU/GZoNid79fV2CStc7:wLncax0CJria2EG+oDOwB
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-