General
-
Target
payment receipt.exe
-
Size
899KB
-
Sample
221208-rt3vdadc2x
-
MD5
ef2ce2f68f0c5562a64bd3139d81a62f
-
SHA1
248f3b30bb878a7608d1da009ae686b2e805562b
-
SHA256
112fea8779d66870df2bfe7d46f60f8e6f3c0f768a8076f9494404df0d2e88ed
-
SHA512
bdef4affde1cfc29055fbf1ea8d7b98832cbd0086693913eaf38f875a7d9969635c0edd05df18598edcadf2da0d911980f5c412622e8b76625114226f1923c10
-
SSDEEP
12288:goQgKZ/nXt7virmWhlGLaQYIRx/9/YAoDotxyo5iTz6wRhEq2jHrM393T7Qsm447:c/NYAHP5iTzOE3t32ia
Static task
static1
Behavioral task
behavioral1
Sample
payment receipt.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
payment receipt.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
work-toolz.click - Port:
587 - Username:
[email protected] - Password:
3HLkst~=QzD3
Targets
-
-
Target
payment receipt.exe
-
Size
899KB
-
MD5
ef2ce2f68f0c5562a64bd3139d81a62f
-
SHA1
248f3b30bb878a7608d1da009ae686b2e805562b
-
SHA256
112fea8779d66870df2bfe7d46f60f8e6f3c0f768a8076f9494404df0d2e88ed
-
SHA512
bdef4affde1cfc29055fbf1ea8d7b98832cbd0086693913eaf38f875a7d9969635c0edd05df18598edcadf2da0d911980f5c412622e8b76625114226f1923c10
-
SSDEEP
12288:goQgKZ/nXt7virmWhlGLaQYIRx/9/YAoDotxyo5iTz6wRhEq2jHrM393T7Qsm447:c/NYAHP5iTzOE3t32ia
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-