General
-
Target
PAYMENT ADVICE.exe
-
Size
471KB
-
Sample
221205-r9atjaae65
-
MD5
20c4471b875e64c7943c225a359eb227
-
SHA1
3551c6ddbe76927927a22262af48c225a9c28d6b
-
SHA256
4af278d681249a1d292e0b0eb662f20ec919f984bf1c3d3ed0cff961fe0ef887
-
SHA512
72b2fb581a3e9efa8b9bde02507dce59a3e094fbc9d3c98701ce4ff5a37d152708a50c0b546232c073115e5e9988d9f3d7d33c1418d9fefa7c1236100d06deef
-
SSDEEP
12288:DcKn2SMgBEWoCruaOwVrf3iNWiPpq72IanrSy00kZlXa:DL6LmuZGf3ijBkMrSRzZRa
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT ADVICE.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
PAYMENT ADVICE.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/
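The extracted config above is the sample's exfiltration channel: a Telegram bot, with the bot token embedded directly in the URL path. The Python below is an added example, not part of the Triage report or of Agent Tesla itself; it derives the bot id and token from that URL and hunts for matching Bot API traffic in web-proxy logs. The tab-separated log format, the log lines, the process names and the list of exfil-capable methods are constructed assumptions made for this example.

```python
"""Hunt for AgentTesla Telegram-bot exfiltration in proxy logs.

Added example: not the sandbox's or the malware's code. The C2 URL is the one
extracted from this sample; everything else (log format, log lines, process
names, exfil-method list) is constructed for illustration.
"""
import re
from typing import Iterable, List, Optional

# Telegram Bot API URLs embed the bot token in the path:
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>
# The secret is matched loosely on URL-safe characters rather than exact length.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{20,60})"
    r"(?:/(?P<method>[A-Za-z]+))?"
)

# C2 URL as extracted by the sandbox from this sample.
EXTRACTED_C2 = "https://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/"

# Assumption for the example: Bot API methods that push data out of the victim.
# getMe / getUpdates are read-only and are treated as lower severity on their own.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_bot_url(url: str) -> Optional[dict]:
    """Return bot_id, full token and method for a Telegram Bot API URL, else None."""
    m = TELEGRAM_BOT_RE.match(url)
    if not m:
        return None
    return {
        "bot_id": int(m["bot_id"]),
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],  # None when the URL ends at the token, as in the config
    }


# Constructed proxy log lines (tab separated):
# timestamp  src_ip  process  http_method  url  status  bytes_out
SAMPLE_LOG = """\
2022-12-05T10:12:01Z\t10.0.0.15\tPAYMENT ADVICE.exe\tPOST\thttps://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/sendDocument\t200\t48213
2022-12-05T10:12:05Z\t10.0.0.22\tchrome.exe\tGET\thttps://web.telegram.org/\t200\t512
2022-12-05T10:13:40Z\t10.0.0.15\tPAYMENT ADVICE.exe\tGET\thttps://api.telegram.org/bot5247127509:AAGW6jgaK8wg9Olc3UxNFqjLkvAv8DEdQEY/getMe\t200\t221
2022-12-05T10:15:09Z\t10.0.0.31\tsvchost.exe\tPOST\thttps://api.telegram.org/bot1234567890:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/sendMessage\t200\t1337
2022-12-05T10:16:00Z\t10.0.0.40\tpython.exe\tGET\thttps://api.telegram.org/bot9876543210:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB/getUpdates\t200\t0
"""


def hunt_telegram_exfil(log_lines: Iterable[str], known_c2: str = EXTRACTED_C2) -> List[dict]:
    """Flag every Bot API request. Severity is 'high' when the token matches the
    known C2 or the method can carry data out, 'medium' for other Bot API use."""
    known = parse_bot_url(known_c2)
    known_token = known["token"] if known else None
    findings = []
    for line in log_lines:
        line = line.rstrip("\n")
        if not line:
            continue
        ts, src_ip, process, http_method, url, status, bytes_out = line.split("\t")
        info = parse_bot_url(url)
        if info is None:
            continue  # not Bot API traffic (web.telegram.org is ordinary user use)
        matches_c2 = info["token"] == known_token
        exfil = info["method"] in EXFIL_METHODS
        findings.append({
            "ts": ts,
            "src_ip": src_ip,
            "process": process,
            "bot_id": info["bot_id"],
            "method": info["method"],
            "bytes_out": int(bytes_out),
            "matches_known_c2": matches_c2,
            "severity": "high" if (matches_c2 or exfil) else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in hunt_telegram_exfil(SAMPLE_LOG.splitlines()):
        print(finding)
```

Any request to api.telegram.org/bot<token>/ from a non-browser process deserves a look on a corporate network; a token match ties the hit to this specific sample, and the full token is what you report to Telegram for takedown. Keep the numeric bot id as a secondary IOC too: it names the bot account and survives a token rotation by the operator.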
Targets
-
-
Target
PAYMENT ADVICE.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer built on .NET (typically VB.NET). It harvests saved credentials from browsers, mail clients such as Outlook and other applications and exfiltrates them over SMTP, FTP, HTTP or, as in this sample, the Telegram Bot API.
-
Accesses Microsoft Outlook profiles (credential harvesting from the mail client's stored account settings)
-
Suspicious use of SetThreadContext (typical of process hollowing: a process is started suspended, overwritten with the payload and its thread context redirected to the new entry point)
-