General

Target: Advanced Payment - Ref_001299384596OBR11522.exe
Size: 765KB
Sample: 230403-rwvlsafc82
MD5: 3d822b4323d99c9485748119b53ebff8
SHA1: c8c0af75f5f0f788252cb90679c34e109fd22238
SHA256: 82211de23461b7060737032b0ab788d6cbf5e2486bda7bf9f2c1c7d846ef9234
SHA512: 1d7ef66d68849bcbaf1c601875f5f262207767f78580d21c98981a6446c3a9352f3abecf1c5a65edfc9f1144b5e51f91fd6b5035fd8f760bc41a3b45c18270dd
SSDEEP: 12288:j5CBWKdq1FbwwJLwr/+nQZPhWqUjh1kCFBwSgmnqzTrQCEOBa7TYzhqB6/fMN5IJ:Mfrp7+UWJN1PqhmnDCEOBsUzhc6n25ww
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: Advanced Payment - Ref_001299384596OBR11522.exe; resource: win7-20230220-en)
Behavioral task: behavioral2 (sample: Advanced Payment - Ref_001299384596OBR11522.exe; resource: win10v2004-20230220-en)
Malware Config

Extracted family: agenttesla
Protocol: smtp
Host: smtp.nutiribio.com
Port: 587
Username: [email protected]
Password: zGNVO(l5

This extracted block is the exfiltration channel, not a download location: the stealer submits harvested credentials as mail through the SMTP submission port (587) of smtp.nutiribio.com, authenticating with the mailbox credentials above. The host, port and account are therefore the network indicators to hunt for, and the mailbox is the one to report to the provider for takedown.
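A hunting check built from the indicators in this report, added here as an example (it is not part of the sandbox report). It walks Sysmon-style JSON events and flags three things: a process-create event whose hashes match the sample, any connection to the extracted exfil host on port 587, and, as the more durable behavioural signal (the mailbox host changes between AgentTesla builds, the behaviour does not), any non-mail-client process opening an SMTP or submission port. The event lines, the field names and the mail-client allow-list are constructed and assumed for illustration; adapt them to your own telemetry schema and baseline.

```python
import json
import ntpath

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "MD5": "3d822b4323d99c9485748119b53ebff8",
    "SHA1": "c8c0af75f5f0f788252cb90679c34e109fd22238",
    "SHA256": "82211de23461b7060737032b0ab788d6cbf5e2486bda7bf9f2c1c7d846ef9234",
}
EXFIL_HOST = "smtp.nutiribio.com"
EXFIL_PORT = 587

# SMTP and submission ports. Any process outside the allow-list using them is worth a
# look: the mailbox host differs per AgentTesla build, the SMTP behaviour does not.
SMTP_PORTS = {25, 465, 587}
# Assumed allow-list; a real deployment derives this from its own baseline.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Constructed Sysmon-style events as JSON lines (EventID 1 = process create with
# hashes, EventID 3 = network connection). Not real telemetry; every hostname other
# than the exfil host is a placeholder.
SAMPLE_LOGS = r"""
{"EventID": 1, "Image": "C:\\Users\\victim\\Downloads\\Advanced Payment - Ref_001299384596OBR11522.exe", "Hashes": "MD5=3D822B4323D99C9485748119B53EBFF8,SHA256=82211DE23461B7060737032B0AB788D6CBF5E2486BDA7BF9F2C1C7D846EF9234"}
{"EventID": 3, "Image": "C:\\Users\\victim\\Downloads\\Advanced Payment - Ref_001299384596OBR11522.exe", "DestinationHostname": "smtp.nutiribio.com", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.example.com", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationHostname": "update.example.net", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\invoice.exe", "DestinationHostname": "mail.example.org", "DestinationPort": 465}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def parse_sysmon_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' string into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def matches_sample_hash(event):
    """True if a process-create event carries any of the report's sample hashes."""
    if event.get("EventID") != 1:
        return False
    seen = parse_sysmon_hashes(event.get("Hashes", ""))
    return any(seen.get(algo) == value for algo, value in SAMPLE_HASHES.items())


def classify(event):
    """Return a reason string if the event matches an indicator, else None."""
    if matches_sample_hash(event):
        return "sample hash match"
    if event.get("EventID") != 3:
        return None
    host = str(event.get("DestinationHostname", "")).lower()
    port = int(event.get("DestinationPort", 0))
    image = ntpath.basename(event.get("Image", "")).lower()
    if host == EXFIL_HOST and port == EXFIL_PORT:
        return "connection to known AgentTesla exfil mailbox"
    if port in SMTP_PORTS and image not in MAIL_CLIENTS:
        return "SMTP submission from non-mail-client process"
    return None


def hunt(text):
    """Return (reason, event) pairs for every event that matches an indicator."""
    hits = []
    for event in parse_events(text):
        reason = classify(event)
        if reason:
            hits.append((reason, event))
    return hits


if __name__ == "__main__":
    for reason, event in hunt(SAMPLE_LOGS):
        print(f"{reason}: EventID={event['EventID']} Image={event['Image']}")
```

Port 587 sessions are normally upgraded with STARTTLS, so the username and password above will not be visible on the wire; the reliable signal is endpoint telemetry showing which process opened the submission session, which is why the third rule keys on process name rather than payload. Treat the hash rule as the weakest of the three: a recompiled or re-packed build changes every hash while keeping the same mailbox and the same behaviour.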
Targets

Target: Advanced Payment - Ref_001299384596OBR11522.exe
Size: 765KB
MD5: 3d822b4323d99c9485748119b53ebff8
SHA1: c8c0af75f5f0f788252cb90679c34e109fd22238
SHA256: 82211de23461b7060737032b0ab788d6cbf5e2486bda7bf9f2c1c7d846ef9234
SHA512: 1d7ef66d68849bcbaf1c601875f5f262207767f78580d21c98981a6446c3a9352f3abecf1c5a65edfc9f1144b5e51f91fd6b5035fd8f760bc41a3b45c18270dd
SSDEEP: 12288:j5CBWKdq1FbwwJLwr/+nQZPhWqUjh1kCFBwSgmnqzTrQCEOBa7TYzhqB6/fMN5IJ:Mfrp7+UWJN1PqhmnDCEOBsUzhc6n25ww
Family: AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access tool (RAT) and information stealer. It harvests saved credentials from browsers, mail clients, FTP clients and similar applications and exfiltrates them over SMTP, FTP, HTTP or Telegram; the SMTP configuration extracted above is that exfiltration channel for this build.

Signatures:
- AgentTesla payload: the unpacked payload in memory matched the family's detection rules.
- Accesses Microsoft Outlook profiles: reads the Outlook profile keys under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, where stored mail-account credentials live; this is credential theft, not mail-client behaviour.
- Suspicious use of SetThreadContext: rewriting another thread's context is a standard step in process hollowing and injection, where the entry point of a suspended child process is redirected into injected code. Expect the network connection to the exfil host to come from the hollowed process rather than from the original executable, so do not key detections on the dropper's file name alone.