General
Target: Payment.exe
Size: 584KB
Sample: 221205-nbq63shb8v
MD5: a158bd528300b85b97ceabdb5ce89ec7
SHA1: 291341762d795899609f283ec1acdb4ac2bc6a6f
SHA256: ec90aedf80763b313c646fd0c62b4a7f627d3df787416e562d276e76022bc857
SHA512: 96d61cc09f96a126f9b3b39556b87c1baf47b58d28c4b5192647a8b9aa1121a1f5fe2306aacc6491eef3442959701c207207e2976699efc0a71e22fd851c5781
SSDEEP: 12288:xeqKCgTod2M+g0EiQ4/Bv3h3MaUZ9KtaS2OgiotlMDXthPaasNLMl9jq:MqKsh02C7MVwf2O3otlk9Rs5k9j
Static task: static1
Behavioral task: behavioral1
  Sample: Payment.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Payment.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted family: agenttesla
C2 / exfiltration URL (Telegram Bot API): https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendDocument
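The extracted config above is a Telegram Bot API endpoint: the path carries the bot token (numeric bot id, a colon, then the secret), and the method (sendDocument) tells you the stealer uploads files rather than plain text. The token is a live credential, so it must be redacted before the URL is shared, and any host calling that endpoint from a non-Telegram process is worth a look. The following Python is an added example, not code from the sandbox or the report; the proxy log lines and process names in it are constructed, and the process allowlist is an assumption for illustration.

```python
"""Added example: parse an AgentTesla Telegram C2 URL, defang it for sharing,
and hunt for Bot API exfiltration in (constructed) proxy logs."""
import re
from urllib.parse import urlparse

# URL taken from the report's "Malware Config" section.
C2_URL = ("https://api.telegram.org/bot5083863399:"
          "AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendDocument")

# Bot API paths look like /bot<bot id>:<secret>/<method>. Secrets are
# normally 35 chars, but the pattern does not rely on that.
TELEGRAM_BOT_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")

# Assumption for this example: processes that legitimately talk to the Bot API.
ALLOWED_PROCESSES = {"telegram.exe"}


def parse_telegram_c2(url):
    """Return bot id, full token and API method, or None if not a Bot API URL."""
    u = urlparse(url)
    if u.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_PATH.match(u.path)
    if not m:
        return None
    return {
        "bot_id": m["bot_id"],
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
    }


def defang(url, redact_token=True):
    """Defang scheme and host; strip the bot token, which is a usable credential."""
    u = urlparse(url)
    path = u.path
    c2 = parse_telegram_c2(url)
    if c2 and redact_token:
        path = path.replace(c2["token"], "<bot-token-redacted>")
    return f"{u.scheme.replace('http', 'hxxp')}://{u.hostname.replace('.', '[.]')}{path}"


# Constructed proxy log, hypothetical format: <timestamp> <host> <process> <url>
SAMPLE_LOG = """\
2022-12-05T13:41:02Z ws-017 Payment.exe https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendDocument
2022-12-05T13:41:05Z ws-017 chrome.exe https://www.example.com/index.html
2022-12-05T13:42:11Z ws-023 Telegram.exe https://api.telegram.org/bot111:zzz/getMe
2022-12-05T13:43:30Z ws-031 svchost.exe https://api.telegram.org/bot5083863399:AAH9g72QTdN88jNOd6_tBrE8gEd-FpXnfHE/sendMessage
"""


def hunt_telegram_exfil(log_text, known_tokens=()):
    """Flag Bot API calls from non-allowlisted processes.

    Severity is high when the token matches a known stealer config or the
    call uploads a file (sendDocument); otherwise medium.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the hunt
        ts, host, process, url = parts
        c2 = parse_telegram_c2(url)
        if c2 is None or process.lower() in ALLOWED_PROCESSES:
            continue
        known = c2["token"] in known_tokens
        severity = "high" if known or c2["method"] == "sendDocument" else "medium"
        hits.append({
            "timestamp": ts, "host": host, "process": process,
            "bot_id": c2["bot_id"], "method": c2["method"],
            "known_token": known, "severity": severity,
            "url": defang(url),
        })
    return hits


if __name__ == "__main__":
    cfg = parse_telegram_c2(C2_URL)
    print("shareable IOC:", defang(C2_URL))
    for h in hunt_telegram_exfil(SAMPLE_LOG, known_tokens={cfg["token"]}):
        print(h["severity"], h["host"], h["process"], h["method"], h["url"])
```

The allowlist is deliberately by process name only; in a real hunt you would key on the signed image path, since a hollowed process (see the SetThreadContext signature below) inherits a legitimate-looking name.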
Targets
Target: Payment.exe
Size: 584KB
MD5: a158bd528300b85b97ceabdb5ce89ec7
SHA1: 291341762d795899609f283ec1acdb4ac2bc6a6f
SHA256: ec90aedf80763b313c646fd0c62b4a7f627d3df787416e562d276e76022bc857
SHA512: 96d61cc09f96a126f9b3b39556b87c1baf47b58d28c4b5192647a8b9aa1121a1f5fe2306aacc6491eef3442959701c207207e2976699efc0a71e22fd851c5781
SSDEEP: 12288:xeqKCgTod2M+g0EiQ4/Bv3h3MaUZ9KtaS2OgiotlMDXthPaasNLMl9jq:MqKsh02C7MVwf2O3otlk9Rs5k9j
Score: 10/10
Signatures:
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.
AgentTesla payload
Suspicious use of SetThreadContext (commonly seen when a loader writes its payload into another process and redirects that process's main thread to the injected code, i.e. process hollowing)