General
Target: payment-copy.exe
Size: 384KB
Sample: 200630-bk86ew2r3n
MD5: 9d993e2df83b59c6300762da5280b92c
SHA1: 09c58b31658a474612d234c3d5f5ddcdbf198694
SHA256: 19a698caf6076777fe8cc3790de4de3accb9d68ee847ab1045cb60880f7b108f
SHA512: f6290118a0698e127ff9c1480cc973ee3a765df340d2f8d930277247bcebb0d28f62b029952e23db5799f60b87b5f8828a268b74e44c43ab40b1b2d74da6b71f
Static task: static1
Behavioral task: behavioral1
  Sample: payment-copy.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: payment-copy.exe
  Resource: win10v200430
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.delegatesinrwanda.com
Port: 587
Username: logs@delegatesinrwanda.com
Password: Password_89
Targets
Target: payment-copy.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Deletes itself
- Drops startup file
- Adds Run key to start application
- Suspicious use of SetThreadContext