General
-
Target
Review bank details.exe
-
Size
1.7MB
-
Sample
210118-zm4bgf5jbx
-
MD5
510ef74732e1401f22fccfbcc4f311a4
-
SHA1
800c5e610ec96adac22802b1140c6a3bcc761707
-
SHA256
086f4dec8923c1d1a084cd47532fb0008bc3b3c928ba1856697679c81d1d4aae
-
SHA512
3aa464092030f2638f3824365fb3df7bcf48833072f4bca843fca35fa058fcef2dde5c8cae5229d3bc3eb0479b6b7ab105b6417f89a297c6ef85cca73e659063
Static task
static1
Behavioral task
behavioral1
Sample
Review bank details.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Review bank details.exe
Resource
win10v20201028
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.cybernetics.co.za
Port: 587
Username: maurice@cybernetics.co.za
Password: P@ssw0rd
Targets
-
-
Target
Review bank details.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-